Latest iOS 10 Security Features Help Apple's Business Case
Now iOS 10 splits the virtual memory into two regions—one writable and one executable—and keeps the location of those regions hidden, according to mobile security firm Lookout. "It makes it much harder to find the executable region of memory," said Max Bazaliy, a security researcher at Lookout. "It blocks a common method of exploitation, so attackers are going to have to look elsewhere." 3. A better patch to protect the kernel In iOS 9, Apple launched a feature known as Kernel Patch Protection, wherein a low-level function periodically checks the integrity of the operating system kernel. In iOS 10, Apple further hardened KPP against known attacks, making exploitation more difficult."This is not just the evolution of software, but the [better integration and] evolution of the hardware," 4. Software ecosystem becomes more secure Apple has also made changes to the way developers interact with the app store and requirements for applications to improve security. Apple mandates that all apps be signed by certificates that are remotely checked using Apple's servers, allowing the company to revoke the certificates of known malicious apps. In addition, starting next year, Apple requires that developers only download updates and data using encrypted communications. The App Transport Security (ATS) specification uses Transport Layer Security (TLS) version 1.2 to ensure that applications send only encrypted data over the network. Finally, IT managers can put restrictions on devices that cannot be disabled by employees, such as forcing devices to allow automatic updates. "What I would speculate is that over the course of the next year, we will see a lot of the new capabilities for enterprise management of devices," MobileIron's Rege said. "More than that, they will be opening up more and more capabilities and features for managing the security of your applications." 5. Employees given more warning about unsecure WiFi Even the little things can make a big difference, such as clearer warnings when a user is connecting to an unsecure wireless network. Because workers are connecting to business data and networks while on the road and after hours, iOS 10's unsecure WiFi warning can give users a heads up if they are connecting to an unknown network. When the device connects to a hotspot not protected by a password, iOS 10 notes that "[o]pen networks provide no security an expose all network traffic." Enterprises can go even further, setting restrictions on which hotspots an employee can use while connecting to corporate resources, according to Lookout. Ever since the iPad came out, companies have been noting workers' increased reliance on WiFi, so the new tools and greater focus on security are both welcome, MobileIron's Rege said. "There is nothing that exposes weaknesses in your WiFi deployment more than to have thousands of iPads out there consuming video," he said.
The focus on minimizing the attack surface area will make iOS a much more difficult target to crack, Bazaliy said.