Contact us today!

FRS Pros Blog

Are Apple Devices Immune to Threats? Don’t Bet On It

Are Apple Devices Immune to Threats? Don’t Bet On It

For a very long time, Apple has been requested to share a workaround for their platform security with law enforcement, which the company has refused outright. Their argument has been that doing so would inherently undermine their lauded security. Well, the feds have given up asking, because they went ahead and developed a workaround themselves… and in doing so, have revealed that iOS isn’t quite as secure as it was purported to be.

Let’s discuss this means for your business’ security.

The Discovery

In mid-January, a team of cryptography researchers published a report that detailed their findings after closely examining the security measures that were implemented in modern mobile devices. Their study, entitled Data Security on Mobile Devices: Current State of the Art, Open Problems, and Proposed Solutions, sought to determine three things:

  1. What security measures are currently in place to help deter unauthorized access to user data
  2. How unauthorized access is obtained on modern devices
  3. How mobile security can be improved to prevent unauthorized access moving forward

After an in-depth analysis of both platforms, the results were clear, but could still surprise a loyalist to Apple and their reputation for untouchable security. While both operating systems performed admirably, neither Android nor iOS had extensive enough security preparations—enabling anyone who had the right equipment, so to say, to access the operating systems.

While the report did state that the researchers were able to “find a powerful and compelling set of security and privacy controls, backed and empowered by strong encryption” in iOS, these tools simply were not used consistently enough to sufficiently secure these devices.

Android’s issue laid more in the diversity of phones and manufacturers that Android can be found in, with lacking communications between Google and phone developers, slowly implemented updates, and differences in software architecture leading to inconsistencies in the platform’s security and privacy controls. Both platforms share a weakness where their data is synchronized with cloud services.

Mind you, these are all vulnerabilities in the physical device and its software infrastructure itself. In the rest of the report, the researchers detailed the specific vulnerabilities that each platform presents.

Apple-Specific Weaknesses

Apple enables users to securely store their data in its iCloud cloud solution, but according to these researchers, that’s not all the data that Apple takes possession of. When the service is initially activated, a ton of other user data is sent to Apple, where it is remotely accessible by lawbreakers and law enforcement alike (although one of these parties would need a subpoena for it).

Adding to the security concerns, the defenses that Apple had included in their devices against unauthorized use even seem to be less effective than originally thought. Based on analysis of available evidence, the research team hypothesizes that a tool has existed since 2018 that enables an attacker to bypass these protections and effectively guess a user’s passcode.

Android-Specific Weaknesses

Android presented some serious problems in its local data protection measures. One glaring example can be found in Android’s equivalent of Apple’s Complete Protection encryption (which removes decryption keys from the device’s memory after it is locked). The big difference between Apple’s solution and Android’s solution is that Apple’s solution exists, whereas Android retains these keys—making them easily capturable.

Hence, why the Federal Bureau of Investigation can access either platform without assistance.

What Does All This Mean?

Frankly, while these discoveries are unwelcome, they aren’t all that surprising.

It is never wise to assume that data is inherently safe, just because it happens to be stored on a particular brand of device. There is no such thing as impenetrable security, so you need to do everything you can to make sure the data that your business possesses—that your users might have access to from their devices—remains protected.

This means that you should implement every tool available to reinforce security around the devices your employees access work documents and resources with. This implementation should involve all company-owned devices, as well as those belonging to your employees that are used in a Bring Your Own Device strategy. The capability to remote wipe a device of sensitive data is not something to take lightly.

Of course, you also need to reinforce the importance of an employee keeping track of their device in the first place. While losing a mobile device is obviously a bad thing on principle alone, losing one with access to sensitive data is worse.

FRS Pros is here to help you see to your devices and the proper management of such. To find out more about what we can do, reach out to our team at 561-795-2000.

What Bases Should a BDR Cover?
Improving Society Through Technology

By accepting you will be accessing a service provided by a third-party external to

Mobile? Grab this Article!


Tag Cloud

Tip of the Week Security Technology Best Practices Productivity Business Computing Network Security Privacy Hackers Software Internet Google User Tips Innovation Efficiency Cloud Hardware Microsoft Workplace Tips Data Email Communication Computer Hosted Solutions Business Management Business Small Business Smartphones IT Support Mobile Devices Android Data Backup Windows 10 Cybersecurity Collaboration IT Services Backup Tech Term Malware Disaster Recovery VoIP Phishing Browser Users Upgrade Data Recovery Smartphone Gadgets Outsourced IT Windows Office 365 Internet of Things Communications Miscellaneous Quick Tips Information Ransomware Apps Network Mobile Device Cloud Computing Covid-19 Managed Service Cybercrime Business Continuity Saving Money Social Media Data Security Health Automation Managed IT Services Microsoft Office Passwords Operating System Facebook Blockchain Wireless Mobile Device Management Server Employer-Employee Relationship OneNote Two-factor Authentication Money Artificial Intelligence Information Technology Conferencing Alert Save Money Law Enforcement Holiday Vulnerability Mobile Office Wi-Fi Applications IT Support Chrome Best Practice Managed IT Networking Printing Managed IT Services Spam Virtualization Windows 7 Data Storage HIPAA WiFi Router Remote Telephone Systems Google Drive Settings Tech Support Remote Workers BDR Bandwidth Managed Service Provider Password Retail Access Control Unsupported Software Augmented Reality Hacking BYOD Windows 10 Bring Your Own Device Gmail Word App Vendor Computers Project Management Patch Management Battery Paperless Office Risk Management Data Breach Touchscreen History Data Management Smartwatch Travel Business Technology Productivity File Sharing Update Excel Software as a Service Apple Fraud Hard Drive Display Politics Hosted Solution Shortcut Sports Search Sales Human Resources Avoiding Downtime Mobility Audit Meetings Telephony Evernote YouTube Data Protection User Error Payment Cards Cortana Management Cost Management IT Management Going Green Social Data Loss Marketing Government Application WannaCry Commerce Encryption Mobile Security Safety Robot Google Docs Google Assistant Wireless Charging Training The Internet of Things Hybrid Cloud Instant Messaging Devices iPhone Budget Wireless Internet SaaS Voice over Internet Protocol Proactive IT VPN Wireless Technology Data Privacy Data storage Workstation Entertainment Administrator Credit Cards App store Amazon Downtime eCommerce Biometrics Keyboard Google Maps Spyware Remote Computing Identity Theft Streaming Media Specifications Virus Gamification Keyboard Shortcuts Virtual Private Network Lithium-ion battery Microsoft Word iOS WIndows Server 2008 Hosted Desktop Office Accessory Processor Regulations Compliance 5G Windows 10s HBO Computer Care Nanotechnology Development Telework Access Virtual Assistant E-Commerce Screen Mirroring Fiber Optics Server Maintenance Remote Work Vendor Management Chromecast Proactive Memory Unified Threat Management Innovations Tablets Maintenance Testing Smart Devices Scam Storage Social Engineering Computer Forensics Peripheral Laptop Benchmarks Policy Sync Solid State Drive Transportation Edge Chromebook Co-Managed Services Root Cause Analysis Micrsosoft Audits Internet Exlporer FAQ Alexa for Business Emails Cast Private Cloud Holidays Education Computer Fan Investment Net Neutrality Samsung Websites Financial Payroll Upgrades Managed IT Service Remote Working NFL eWaste Camera Sabotage Troubleshooting Identities Touchpad Myths Procedure Uninterrupted Power Supply Employees Hard Disk Drive Ciminal Telephone Business Intelligence Legal Solutions Charger Employee Copiers End of Support ROI Internet Service Provider Antivirus Data Theft Security Cameras Managed Services Provider Reviews Device Security Projects PC CRM Legislation Language PowerPoint Admin Humor Threats Video Conferencing Adobe Workers OneDrive IT Solutions Files Hyperlink Digital Signage Printer DDoS Compliance Break/Fix Webinar Inventory Windows Server 2008 R2 Recovery Gifts Computing Machine Learning Consultant Personal Information Facebook Privacy Managed Services Hacker Disaster Windows Ink Identity Printers AI Comparison Saving Time Remote Monitoring Scams Organization Emergency Licensing Updates Employee-Employer Relationship Point of Sale Microsoft Excel IT budget Value Wasting Time Firewall PCI DSS Outlook Medical IT IT solutions Reputation Company Culture Mobile Computing Black Market Cleaning Automobile Twitter Text Messaging Big Data Thank You es Managing Stress USB Worker Office tips How To Books Congratulations Advertising Video Games Experience Hiring/Firing Work/Life Balance Virtual Reality Crowdsourcing Employer Employee Relationship Current Events Electronic Medical Records Phone System Benefits HaaS Save Time Computer Accessories Cache Relocation Smart Technology Flexibility Music Monitors Television CrashOverride PDF Scalability Analytics Regulation Communitications