Tight Apple security system keeps malware off iPhones

On July 27 Apple CEO Tim Cook announced that Apple recently sold the billionth iPhone. It is a staggering achievement. The first iPhone was sold in 2007, and it took only nine years to sell 1 billion.

Compare this with McDonald’s, which opened in 1940. Twenty-three years later McDonald’s reportedly served its billionth burger. An analyst estimated that between 350 million and 450 million iPhones were active at the end of 2015 and that growth will continue at about 9 percent per year until 2020. Hackers and criminal organizations are taking notice, seeing these users as prime targets for their money-stealing and ransoming malware. Stealing one dollar from 0.5 percent of that user base would reap $2.5 million!

Therefore, I wasn’t surprised when asked for my opinion on installing anti-virus software on an iPhone. It’s a logical question. Computer users are constantly advised to install anti-virus software. With the ubiquity of smartphones and the reports of malware threats, installing anti-virus on a smartphone (which is essentially a small computer) seems obvious and intuitive.

Remember, malware is simply a software program designed to conduct unauthorized actions on a computer. Traditional anti-virus or anti-malware tools scan computers, looking for files that match a catalog of malware “fingerprints.” If there’s a match, the file is flagged as malware and removed.

Apple’s iPhone security makes the creation and delivery of malware very difficult, and recent reports validate the security system’s resilience. According to email security provider Proofpoint, 98 percent of all mobile device malware attacks target the Android operating system, Apple’s primary competitor.

The iPhone operating system, known as iOS, requires applications to be signed by the developer and verified in a manner that enables Apple to identify the real-world person or company that developed it. Applications are not placed in the Apple App Store for iPhone users to download until the verification is complete, which strengthens the chain of trust.

If a developer fraudulently passes the screening process, the “sandboxing” feature of iOS prevents one application from manipulating another. Most malware operates by manipulating files of other applications and the operating system. Apple built iOS to prevent that, and to keep an application in its own sandbox, allowing it to talk to other applications only under specific controlled conditions. Interestingly, this sandboxing also prevents anti-malware tools from scanning files in search of malware.

The iPhone operating system randomizes the places where application data are temporarily stored while being processed in memory. As most malware operates by predicting where sensitive data and functions are located in a computer’s memory, this makes it difficult to create malware with consistent results. Similarly, this makes it difficult for anti-malware tools to look for malware.

These security controls are effective but not perfect. You can break the chain of trust and install non-Apple-certified applications by “jailbreaking” your iPhone. Jailbreaking, which involves modifying the iPhone operating system, is highly discouraged because there’s no quality assurance applied to the applications — and there have been many reports of iOS malware being distributed in this manner. In addition, jailbreaking can enable hackers to circumvent many other iOS security controls.

Last year unsuspecting developers compromised the Apple App Store by using a fake hacker-created version of Apple’s application development tool XCode to create and sell apps embedded with malware. This and other problems led security firm Symantec to predict these types of mobile threats will continue to proliferate.

Interest is growing in researching the security of Apple products, which likely will lead to discovery of more threats. Last month the local annual cybersecurity conference ShakaCon had three presentations on Apple product security, including iPhone compromises. In addition, Apple has reportedly announced a bug bounty program that will award up to $200,000 to security researchers who discover and responsibly disclose security vulnerabilities in its products. These efforts will undoubtedly identify previously unknown vulnerabilities that will need to be addressed in ways different from traditional anti-virus scanning.

So do you need a traditional anti-virus tool for your iPhone? No. In fact, you’d be hard-pressed to find one to download from the Apple App Store. The best approach to iPhone security is the following:

>> Stay within the Apple ecosystem (do not jailbreak).

>> Download apps from trusted vendors in the App Store and limit the apps’ access to your sensitive data (for example, photos, calendar, GPS location) to only what you feel is necessary.

>> Ensure your iPhone and apps are updated automatically.

>> Lock your phone with a passcode.

>> When reviewing email and browsing the web, beware of phishing and do not click on links to questionable sites.

>> If you sync your iPhone to a PC or Mac computer, make sure the computer is kept up to date and, in this case, has anti-virus software installed.

>> Pay attention to the reports of newly discovered vulnerabilities in the iPhone operating system and follow the recommended mitigations.

Apple’s approach to iPhone security has been relatively successful at deterring malware due to the controlled nature of its ecosystem. However, humans are not perfect, and will continue to create imperfect software that will be need to be secured in new ways.

Michael Miranda, director of information security at Hawaiian Telcom, holds current Global Information Assurance Certification (GIAC) and is a Systems and Network Auditor (GSNA), a Certified Intrusion Analyst (GCIA) and Certified Forensic Analyst (GCFA). Reach him at michael.miranda@hawaiiantel.com.

Visit this article in the Star-Advertiser