Ex-Jailbreakers are now working on the security of iOS users


For almost a decade, teams of hackers and programmers have worked tirelessly to crack Apple's iOS software in order to add new features, themes, and applications. Now, a team led by former jailbreak developers Will Strafach, also known as "Chronic", and Joshua Hill, known as "P0sixninja", is working to secure Apple's mobile platform. The duo, along with a list of unnamed former jailbreak developers, has been working on a new global platform to secure iOS devices for businesses and consumers alike. The new platform is known as "Apollo", the first security product from his new company, the Sudo Security Group.

In a telephone interview, Strafach was asked several questions. The first is one that anyone interested in the application may have: why can jailbreak developers be trusted to secure devices? As Strafach explained, he and his team probably know more about the inner workings of iOS and other mobile platforms than any other group of developers, with the exception of Apple, due to their experience working with the kernel of the operating system.

"We know the iOS system inside and out from the years we've spent working on teardown tools and seeing how things work. We know the weak points to keep a close eye on, we know that bits are bloated and can be vulnerable in ways that have not yet been considered," said Strafach, adding that his team "has been given an equally important task of figuring out how to do things better rather than just figuring out how to make things break."

The Apollo Security Platform, as Strafach explains, can be divided into two parts: business use and consumer use. Let's start with the enterprise software. Many large companies use mobile device management software, known as an "MDM" service, to manage the large number of iPhones or iPads used by their employees. For example, Apple offers its own native tool, while leading software developers offer their own solutions, such as AirWatch.

The Apollo suite focuses on security. At a high level, the application uses a back-end service known as "The Guardian" that scans the apps installed on a user's iPhone to check whether they include any code that could steal user data, inject malware, attempt background installations, carry out email phishing, or weaken the security of the file system. Specifically, Strafach shared the following list of application security checks that Apollo is able to perform for employees who bring their own devices to the company:

  • Sensitive data leaks (intentionally or due to insecure connections)
  • Communications with servers in a disallowed / unapproved zone
  • Use of private APIs
  • Binary download attempts from insecure sources
  • Suspicious application behaviors that may require a second scan

The service also has a long list of stronger security features for devices issued to employees by the company, rather than brought in by the employees themselves:

  • App whitelists and blacklists
  • Lock down devices as much as needed, with configuration based on user group or even individual users
  • Disable system applications, such as the App Store, Messages, and more
  • Disable system features, such as screenshots, data syncing, and more
  • Web content filtering
  • Intensive monitoring for network activity
  • Activation of Assistant lock - Never change the user ID of a company-owned device to a personal Apple ID
  • Special malware surveillance
  • Block removal of our MDM and device protection software - Even if a reset / restore is performed ("DFU Restore")
  • Complete data erasure that can be carried out at any time
  • Prevent lost or stolen company-owned devices from ever being used again

For the consumer-level application, they have been able to be creative about adding useful detections in a way that is compatible with the App Store. But, as everyone knows, certain things are off limits to the allowed APIs. Enterprise MDM APIs allow more information to be gathered than the App Store APIs do, so they have leveraged this to benefit users as well. The company wants data to be kept secure and sensitive data not to be leaked, so part of this involves the use of a binary scan engine to ensure that certain invasive applications are not loaded onto devices. They have also added detections that companies may not care as much about, but that a user absolutely would in terms of their privacy, such as applications that send their location or gender to advertising providers.

Strafach says his company plans to launch the enterprise system during the first half of 2016. Special pilots and a free consumer app beta will be available in the near future.

