Latest iOS 10 Security Features Help Apple’s Business Case
ANALYSIS: Integration with partners such as Cisco and centrally managed restrictions make iOS 10 a more secure enterprise platform, according to mobile-device management experts
Now iOS 10 splits the virtual memory into two regions—one writable and one executable—and keeps the location of those regions hidden, according to mobile security firm Lookout.
“It makes it much harder to find the executable region of memory,” said Max Bazaliy, a security researcher at Lookout. “It blocks a common method of exploitation, so attackers are going to have to look elsewhere.”
- A better patch to protect the kernel
In iOS 9, Apple launched a feature known as Kernel Patch Protection, where a low-level function periodically checks the integrity of the operating system kernel. In iOS 10, Apple further hardened KPP against known attacks, making exploitation harder.
The focus on minimizing the attack surface area will make iOS a much more difficult target to crack, Bazaliy said.
“This is not just the evolution of software, but the [better integration and] evolution of the hardware.”
- Software ecosystem becomes more secure
Apple has also made changes to the way developers interact with the app store and requirements for applications to improve security. Apple mandates that all apps be signed by certificates that are remotely checked using Apple’s servers, allowing the company to revoke the certificates of known malicious apps.
In addition, starting next year Apple requires that developers only download updates and data using encrypted communications. The App Transport Security (ATS) specification uses Transport Layer Security (TLS) version 1.2 to ensure that applications send only encrypted data over the network.
Finally, IT managers can put restrictions on devices that cannot be disabled by employees, such as forcing devices to allow automatic updates.
“What I would speculate is that over the course of the next year, we will see a lot of the new capabilities for enterprise management of devices,” MobileIron’s Rege said. “More than that, they will be opening up more and more capabilities and features for managing the security of your applications.”
- Employees given more warning about insecure WiFi
Even the little things can make a big difference, such as clearer warnings when a user is connecting to an insecure wireless network. Because workers are connecting to business data and networks while on the road and after hours, iOS 10’s insecure WiFi warning can give users a head’s up, if they are connecting to an unknown network.
When the device connects to a hotspot not protected by a password, iOS 10 notes that “[o]pen networks provide no security an expose all network traffic.”
Enterprises can go even further, setting restrictions on which hotspots an employee can use while connecting to corporate resources, according to Lookout.
Ever since the iPad came out, companies have been noting workers’ increased reliance on WiFi, so the new tools and greater focus on security are both welcome, MobileIron’s Rege said.
“There is nothing that exposes weaknesses in your WiFi deployment than to have thousands of iPads out there consuming video,” he said.
Originally published on eWeek