On Apple, Security by Obscurity and WS1 Trust Network.

In the last several weeks a number of bugs were found in Apple’s iOS, macOS and protocols. This coincided with a partner workshop last Friday, where the decisive argument was “Have you ever heard of an Antivirus for an iPhone?”

Apple is well known for refusing to publish any details behind the inner workings of its solutions, locking everything that may be locked down and suing all those who try to work around those limitations.

Despite all that, flaws are being found, iOS was jailbroken again (because Apple unpatched a fix they implemented in 12.3), and malware on the App Store is just as common as everywhere else.

Security Researchers about Apple’s Security Through Obscurity

Yet again, this is a reminder that security by obscurity doesn’t work. Just because Apple doesn’t publish details and it takes longer to find bugs doesn’t mean that you’re safer than on Android Enterprise or another OS.

It just means that undisclosed bugs remain a secret for longer and you won’t even know what to protect from!

What does it have to do with an Antivirus for an iPhone?

Antivirus for iPhone doesn’t exist, not because you don’t need it, but because you can’t have it. Any 3rd party apps you download from the App Store simply will never get access to the necessary permissions and APIs. The only ones getting close to the desired degree of control are the EMM agents – they get to gather considerably more data and execute considerably more actions than the 3rd party apps.

Thus, the least we can do on Apple is to reduce the attack surface by DEPing and Supervising all the devices (good thing now you can do it with Macs too!) and using an EMM platform that integrates with a variety of 3rd party solutions.

Why a variety?

Unfortunately, the security market is so FUD-dominated that customers usually have to go through several solutions before they find the one that works for them.

[Marketing speak ahead, you were warned! 🙂 ]
Needless to say, this is why VMware Workspace ONE implemented the Trust Network based on Workspace ONE Intelligence, where any security vendor can integrate via an existing API, and the logo list is already in double digits.
[Marketing speak off]

Realistically though, there is no way a 3rd party application will get access to as many data-gathering and control APIs of iOS and Android devices as the EMM agent. So technically, it’s a win-win: we have the means and the security vendors have [very specialized] smarts. And if the customer doesn’t find security solution X fitting, they can easily replace it with security solution Y without having to rebuild the entire infrastructure.

I wonder why others, instead of doing this, are trying to lock the customer down in their proprietary security modules, trying to compete with the whole security market. You can’t win this war – make them your allies, not enemies!

Workspace ONE Trust Network at a glance – gather data, exchange with integrated Security specialists, execute remediation commands

P.S. Apple has finally launched an extended Bug Bounty program and announced the special “Security Researcher” iOS devices with low-level access. Time will tell how this flies. For now, the only outcome was immediately suing Corellium, who had been plugging this gap for Apple for years.

It may as well now be Google’s turn to diss Apple’s security after all these years – time will tell. What do you think?
