“Kaspersky lab: iOS is slowly becoming the “Android”
On June 13 of this year, Apple gave developers access to the beta version of iOS 10, and for the first time in history the “Apple” of the operating system – it was unencrypted. The web sparked a hot debate company consciously opened – or someone made an epic mistake? Last week, Apple finally confirmed: – left unencrypted intentionally. The specialists of “Kaspersky Lab” believe that thus the company took another step towards Android.
The kernel cache does not contain user data, — said the Apple. — The refusal of encryption has allowed us to optimize the performance of the operating system without compromising security.”
The experts decided to find out if the encryption does not affect the security of iOS, then for what purpose the company is encrypted – all these years? And why Apple decided to cancel the encryption right now?
The operating system kernel is the part that provides programs access the hardware power of the device: CPU, memory, drive and so on. Security kernel largely determines the safety of your device — a security policy in applications can be implemented only if they are supported at the kernel level.
– Why encrypt? Unencrypted – much easier to explore — it can do almost anyone and is closed (that is encrypted) — no. However, the cancellation of the encryption in itself do not mean that the iPhone and iPad with iOS 10 will be less safe. Just now the application developers, security professionals and even the criminals — in General, almost all for the first time, Apple will be able to learn – and, if lucky, find some bug or vulnerability.
This is both good and bad — it all depends on who first discovered the vulnerability. If criminals, then they’re probably using it in not very good order, and the affected users. If security professionals — they would like to believe, warned Apple and the company will release a patch.
This is a common race that is constantly “playing” white and black hackers, those who study the vulnerability on all of the OS used. In the “Lab” we are confident, however, that in the case of Apple this step, a lot can change for the company and for its users.
Why Apple took a course on transparency and what’s Android?
There is a market in which security professionals are trading the vulnerabilities found. Even a few markets — black, white and gray. Apple’s policy of isolation has led to the fact that vulnerabilities in iOS are more expensive than others, largely because they are more difficult to detect. For example, last year the company paid Zerodium unknown researchers a million dollars for the detection of zero-day vulnerabilities in iOS 9.
Recently the FBI tried to force Apple to hack your own device, and then got an exploit “on the side”. Depriving – encryption, Apple has dealt a blow to merchants vulnerabilities: now holes in the system will be looking for more people, so that they will surely find faster and their cost will drop.
Well, Apple itself will be able to quickly release a security update to patch the hole. Of course, if she ever finds out about these vulnerabilities, because the rewards for their detection (Bug Bounty Program) at the “Apple” of the company. So to sell vulnerabilities on the black or gray market hackers and researchers much more profitable.
At this step, there is another likely consequence. For many years Apple struggled with the breaks, and the last time it reached this particular success. So now, for example, no ready-made solutions for breaking the latest at the time of writing this post the iOS version is 9.3.2. Refusal to encryption simplifies the task of creating a jailbreak, so for the tenth version, it probably will, and quickly.
Also unencrypted kernel code unties the hands of those who likes to redo everything. Many users of Apple devices hard to resist politics of exclusion — they like the ability to modify the operating system and install third-party applications and add-ons. And they are looking for ways to circumvent limitations imposed by Apple.
“The more open for developers and all iOS becomes, the more it is coming to Android initially completely open (and also because having so many problems with security). And it seems that many people like it”, – concluded the experts.