After all of the issues Apple has had with the FBI, it seems as if they are finally willing to give more information on their security approach. Apple recently came out with a press release discussing how the security on iOS works.
Now Apple did not discuss the specifics of the battle with the FBI, but their responses gives some explanation on why they did not want provide the FBI the information they asked for. Apple has stated repeatedly that their securities goal is to protect users from hackers, not the government as many people may think. Since iPhones have so much information on them, including credit cards due to Apple Pay, everything must be done to protect a user’s phone. Since they create all the hardware and software themselves Apple is focused building its security from the ground up.
Apple spent a lot of time emphasizing the bootup process for iOS devices. The boot process is very complicated and plays a huge role in iOS security. The following is from Apple’s press release on how it describes their boot up process.
When an iOS device is turned on, its application processor immediately executes code from read-only memory known as the Boot ROM. This immutable code, known as the hardware root of trust, is laid down during chip fabrication, and is implicitly trusted. The Boot ROM code contains the Apple Root CA public key, which is used to verify that the Low-Level Bootloader (LLB) is signed by Apple before allowing it to load. This is the first step in the chain of trust where each step ensures that the next is signed by Apple. When the LLB finishes its tasks, it verifies and runs the next-stage bootloader, iBoot, which in turn verifies and runs the iOS kernel.
In order to prevent hackers from taking over your device, the hardware in your iPhone checks the software to make sure it is Apple software. However, if you do not have the latest operating system installed, hackers can get your information easier. Therefore, you should always update your operating system. Apple also liked to reiterate there is no such thing as 100% secure.
In terms of encryption, Apple has had hardware support for Advanced Encryption Standard (AES) since 2009. Apple encryption starts with the hardware. There is a chip that encrypts data. Apple uses a standard encryption algorithm and also publishes its source code on the Apple website. This a way to show people that their method is safe, it will not give people the information to hack phones.
There is so much information that is now published by Apple on how they handle encryption that you may want to check it yourself. The link was provided above. Although, there are not exact details on how Apple handles security, they have discussed why they do not want to create a way to unlock iPhones and how they handle security in general. IPhones have become a very important aspect of our lives and for it to be an unsecured device will cause countless problems.