Feb 22, 2021 19:00:00

Media claims that 'the future of security lies in vertical integration' from Apple's public security guide

Apple has published a guideline, '

Apple Platform Security, ' which provides information on the security of its products. This security guideline has a detailed explanation of the main security functions provided by Apple that protect devices, OSs, and cloud services, but I read this and said, 'The future of cyber security is vertical integration.' Media TidBITS reports.

Apple Platform Security-Apple Support
https://support.apple.com/ja-jp/guide/security/welcome/web

Apple Platform Security Guide Reveals Focus on Vertical Integration --TidBITS
https://tidbits.com/2021/02/18/apple-platform-security-guide-reveals-focus-on-vertical-integration/

Since 2012, Apple has regularly published details about its security efforts in its services. Initially, Apple published security guides for iOS devices and macOS devices separately, but from December 2019 onwards, Apple will explain the security details of devices, OSs, and services provided by Apple. 'Security' is open to the public. Regarding this 'security of the Apple platform,' TidBITS describes it as 'between highly technical documents for developers and easy-to-read documents for consumers,' and describes the security services provided by Apple. It's a useful resource for anyone who wants to understand.

A reading of the security of the Apple platform reveals that 'the future of cybersecurity lies in vertical integration,' TidBITS reports. TidBITS says, 'Vertical integration in this case means a combination of hardware, software and cloud services to build a comprehensive ecosystem. Vertical integration for added security is just a trend within Apple. Rather, it's a widespread trend across the industry, including major players such as Amazon Web Services. It's difficult to compete with vertically integrated security if you don't have full control over your stack of hardware, software, services, etc. '.

On the Apple Platform Security overview page , Apple described its security as 'protecting personal information by integrating hardware, software, and services to work together on all Apple devices.' For the ultimate purpose, we provide the highest security and transparent user experience. Custom security hardware enhances important security features. Software protection provides operating systems and third-party apps. The service provides a mechanism for securely updating software at the right time, increasing the security of the App ecosystem, protecting communications and payments, and making the Internet more secure. We will realize a usage experience. ' TidBITS claims that this is exactly vertically integrated security.

While vertically integrated security is very powerful, TidBITS points out that it also raises its own concerns that 'customers will lose control of some of their security.'

If you read 'Apple Platform Security', it seems that examples of forming vertically integrated security are explained in three different layers: 'hardware', 'software', and 'services'. Apple describes the security of each layer as follows:

hardware:
At the core of all Apple Silicon devices is dedicated security hardware, including

Secure Enclave for handling sensitive information, such as encryption key management, passcode storage, and data protection for Face ID / Touch ID. Secure Enclave is the Root of Trust (RoT) of hardware in Apple's ecosystem, ensuring that all devices are as inherently secure as possible and securely connected to Apple services. Is for.

software:
The OS and apps provided by Apple are tightly integrated with the security features of the hardware. For example, the integration of hardware and software enables more advanced memory protection and data protection by using the hardware RoT built into the CPU and the security functions on the software.

service:
Apple is increasingly integrating cloud services with the security model of the ecosystem. For example, Apple's servers securely sign apps on the App Store by using keys that can be verified by the Secure Enclave RoT.

Providing security across these three layers 'allows Apple users to take advantage of many practical security benefits,' TidBITS said. For example, all software components running on hardware are encrypted by Apple and associated with an encryption key burned into the factory Secure Enclave. And Apple leverages digital certificates and security policies embedded in the hardware so that the latest version of the operating system can only be installed on devices approved by Apple. This will allow Apple to rely on cloud servers to provide the right OS for its hardware, preventing users from installing older or vulnerable versions of the OS. ..

In fact, this vertically integrated security reduces the chances of installing older versions of vulnerable operating systems, connecting hardware to crack your Mac during boot, or rootkits that break in during boot. It seems that the risk of installing it has been greatly reduced.

And TidBITS notes that this approach has helped build a security foundation for operating systems, apps, and other services. For example, Apple's messaging app iMessage uses Secure Enclave to protect the encryption key to protect your messages. As a result, Apple can no longer peep at all the messages exchanged with iMessage.

Apple isn't the only one offering vertically integrated security. In fact, many Android devices have their own version of a security chip like the Secure Enclave. However, in the case of Android, it is difficult to provide Apple-level security because the device manufacturer does not provide its own OS or service.

TidBITS is about vertically integrated security: 'It's the cornerstone of protecting yourself from current and future threats. Today's attackers are so sophisticated and enthusiastic that they completely protect their OS and hardware. It's very difficult to build a secure device without integration, 'he said, arguing for the need for vertically integrated security that can provide a higher degree of protection as attacks by hackers and others are highly advanced. doing.

On the other hand, relying on a particular vendor's cloud service means that if the service goes down, or if the vendor discontinues the service, the user will not be able to use all of the hardware, software, and services. Apple won't stop offering the service right away, but when the latest version of macOS, 'macOS Big Sur,' was delivered, the Mac slowed down.

With the release of the latest OS 'macOS Big Sur' for Mac, the speed will be slowed down to OSs other than Big Sur --GIGAZINE

In addition, with the release of the latest version of 'Apple Platform Security', it is also clear that there is a hidden boot mode '1 True Recovery' on M1 Macs. It is necessary to press and hold the power button twice to use 1True Recovery. However, although it was possible to use 1True Recovery on the M1 equipped MacBook Pro, it seems that it could not be used on the M1 equipped Mac mini.

M1 Macs have another hidden boot mode – The Eclectic Light Company
https://eclecticlight.co/2021/02/20/m1-macs-have-another-hidden-boot-mode/