How Apple's walled garden iPhone security can help hackers evade scrutiny

Apple locks down its devices to prevent malware, but it's impossible to prevent everything

Apple not only publicly champions privacy, it locks down its devices to protect security — even if some still say it's not enough. Now researchers are saying that this security actively benefits the small proportion of hackers who are able to defeat it.

"It's a double-edged sword," senior researcher Bill Marczak of cybersecurity firm Citizen Lab said to MIT's Technology Review. "You're going to keep out a lot of the riffraff by making it harder to break iPhones. But the 1% of top hackers are going to find a way in and, once they're inside, the impenetrable fortress of the iPhone protects them."

Marczak says that, for example, none of his team's systems could initially find any evidence of hacking on Al Jazeera journalist Tamar Almisshal's iPhone. Only by looking at the phone's internet traffic were they able to identify a connection to servers owned by Israeli hacking company NSO Group.

What's more, Apple's ongoing efforts to improve security derailed an investigation Marczak was conducting in 2020. Unspecified updates to iOS reportedly disabled a jailbreaking tool that Citizen Lab was using. It prevented the tool examining a particular update folder, which Marczak says is where hackers were hiding their code.

"We just kind of threw our hands up," he said. "We can't get anything from this — there's just no way."

Searching for evidence of malware

According to Technology Review, another security firm works by looking for indirect clues. Trail of Bits security engineer Ryan Storz uses an Apple-approved app called iVerify, which looks for anomalies like unexplained file changes.

He refers to it as having a tripwire, meaning you can't observe malware, but you can detect it in action. "As we lock these things down," he said, "you reduce the damage of malware and spying."

Security researcher Patrick Wardle has previously described the increased security Apple has brought to the Mac with Apple Silicon, and he told Technology Review that this adds to the overall protection of Apple devices.

"[Apple's] iOS is incredibly secure," he said. "Apple saw the benefits and has been moving them over to the Mac for a long time, and the M1 chip is a huge step in that direction."

"[However, security] tools are completely blind, and adversaries know this," he continued.

Aaron Corkerill of Lookout mobile security thinks that even so, Apple will continue to lock down devices, and so will other manufacturers.

"Android is increasingly locked down," he said. "We expect both Macs and ultimately Windows will increasingly look like the opaque iPhone model."

"We endorse that from a security perspective," he continues, "but it comes with challenges of opacity."

"I personally believe the world is marching toward this," says Ryan Storz. "We are going to a place where only outliers will have computers — people who need them, like developers."

"The general population will have mobile devices which are already in the walled-garden paradigm," he continues. "That will expand. You'll be an outlier if you're not in the walled garden."

An Apple spokesperson told Technology Review that the company believes it is pursuing the correct balance between usability and security.

Separately, Apple recently responded to Citizen Labs' report of vulnerabilities in iMessage by completely rewriting the app and service to remove the issue. As released in iOS 14, a new sandbox called Blastdoor parses all untrusted data, analyzing it for issues that may affect users.