Apple, Security, Threat Models and a Tightening Sandbox

Apple and logo are registered trademarks of Apple, Inc

I watched Apple’s iOS and MacOS keynote with a lot of interest.  Security, privacy, encryption, and two-factor all got some attention, either in the updates or on the main stage – it’s really cool to see a company build a product strategy around those capabilities.

At the same time, they’re removing granular decisions about how that security is implemented.   This dumbing down and forcing people into a very narrow configuration is getting annoying, and is becoming pervasive across their product line.  So when does it become a security risk?  When Apple’s threat model doesn’t match yours.

Let me share a few examples – like what is and isn’t synced to the cloud.  I ran into an annoying “feature” when reconfiguring my home network over the weekend – if you sync anything to iCloud Keychain (to use HomeKit, for example), you sync everything (which is why I don’t use it for passwords).  For example, it’s no longer possible to have a different set of Wi-Fi networks on each device.

Another example of this is the fingerprint reader – you can use the fingerprint, or a pin/passcode, but not both.  Now on a phone that’s probably ok, but on a Mac?  It’d be nice to see an option to use a simple PIN and a fingerprint, but Apple’s decided that the risk of fingerprint forgery is small.  Is that your threat model?  Maybe, and maybe not.

We can control application data access on cellular data, but not on wi-fi?  Apple’s threat model is about data usage.  Mine’s about monitoring and tracking (and to be fair, data usage too).    Evidently two-factor will be forced for AppleID logins in iOS 11.  That’s generally good, but I can come up with situations when you’d want to turn it off.  Will it be allowed?  Not sure.

They’re now going to store and sync all your messages via iCloud, not just device to device.  Sure, it’s encrypted, but what if I want some data left on one device but not on others?  Again, it’s not hard to come up with some use cases where you’d want more granular control (and yet they still don’t have a “delete all chats” option, go figure).

They push their streaming content hard, to the point that the TV app doesn’t work reliably in airplane mode (I’ve had a case open with executive relations for months on this one), which they don’t view as a risk.  I do – to Availability, and I’ve suffered through multiple flights without media as a result.  I’ve been sorely tempted to buy an Android tablet just to have movies when I’m delayed for four hours during a thunderstorm.

Hopefully Siri will get a brain transplant and not just a face lift as HomePod comes out, but the idea of an always-on speaker listening in my house is, well, creepy.  And one with a camera?  I was amused recently when I saw someone with a sticker over their laptop camera… right next to an Echo Look.  No thank you.

Apple Pay person to person is interesting, and I’ll be very curious to see how they deal with fraud – or fake allegations thereof.  The QR code integration into the camera is interesting, and I can see fun ways to leverage it – like taking someone to a malware site by posting one on a sign next to a scenic overlook, and titling it ‘Photographic Tips’.

I could go on, but I think I’ve made my point.  Apple’s a remarkable company, and I use many of their products, but their view of users, threat models, and use cases is growing steadily narrower.  It’s still the most secure computing and mobile platform for consumers, but let’s not kid ourselves – there are tradeoffs to be had.
