In order to gain access to the iPhone 5 c San Bernardino beyond the entrance to the lock screen, the United States Government eventually had to pay a third party to exploit a little-known vulnerability in iOS and entering the designated device. According to the director of the FBI, James Comey, the Agency paid at least $ 1.3 million to carry out the “hack” to the device.
Analyzing the market black for them called “judge of the iPhone”, an engineer of safety of Apple is really satisfied by the made of that violate the device have prices so high, since means that are rare and difficult of achieve.
Ivan Krstić, head of engineering and architecture of Apple security, explained at a conference held at the annual Conference of Apple last week about how you see Apple security as a design philosophy.
The team of Krstić uses metric “indirect” to evaluate it rather than are doing, and one of those indicators are the prices of the market black for the iPhone.
As many of you probably know, there is a black market for software vulnerabilities, and occasionally some of the prices on the black market are known. In general, these prices are tens of thousands of dollars, sometimes $100,000. He takes that as a grain of salt, but it is a fascinating to think figure. What we are seeing now is the result of a decade of our best work in the protection of our users.
Apple employs the so-called principle of security model below, which is based on a series of software protection, the signing of code embedded in iOS, the approach based on software of linkage with the encryption of the full device made in hardware, through the safe enclave, a coprocessor within the main processor that stores the encryption and keys of the device using encryption , Apple Pay and the Touch ID.
Due to the fact that Apple “is based on the safety at all levels”, malicious users often have to take advantage of five to ten separate vulnerabilities. This is an of the reasons main by which the iPhone, in words of the own Krstić, not has had a virus or a problem of malware large-scale in the last nine years.
Unlike Microsoft, Facebook and Google, Apple doesn’t have a program bug bounties which would encourage hackers to sell some vulnerabilities discovered in iOS directly to Apple, which is a quite feasible method to reduce attacks on the operating system.
