Enhancing security in Apple devices

November 6, 2013
Boosting security for mobile devices is a top priority for service providers and consumers. Credit: Geber86/iStockphoto.com

A*STAR's Institute for Infocomm Research has helped to fix three security weaknesses in Apple's iOS mobile operating system.

A Singapore-based team of researchers has been acknowledged by Apple Inc. for helping to strengthen the security of the company's latest , iOS 7, which runs on its popular smartphones and tablets. The team identified three related to data protection, telephony and Twitter use, which Apple then rectified prior to the much-anticipated global launch of iOS 7 in September 2013.

With each successive update to the iOS operating system, Apple strives to offer a host of new features aimed at broadening and improving the user experience. New functionalities and the rise of third-party applications, however, risk compromising the security of the iOS platform. "While Apple has made significant efforts to secure iOS and provide a secure mobile platform for its users, we wanted to test just how secure the was and how to improve security further if any vulnerabilities were identified," says Jianying Zhou of the A*STAR Institute for Infocomm Research (I2R). "Platform security, user privacy and availability of services are some of the top security and privacy concerns of mobile users."

Working in collaboration with researchers from the School of Information Systems at Singapore Management University, the A*STAR team uncovered security flaws that would enable hackers to access a user's passcode, interfere with incoming calls and post unauthorised content on Twitter.

The researchers developed multiple proof-of-concept studies—designed to test whether iOS would work as intended—to investigate three theoretical attack scenarios for the iPhone 4 and newer models, the fifth-generation iPod touch onwards, and the iPad 2 and later versions. In each case, the researchers proposed solutions that could reinforce security through additional entitlement checks, as well as ways to improve Apple's vetting process for third-party applications.

The motivation behind the research, Zhou explains, was "to protect the security and privacy of businesses and individuals." Apple's iOS and Google's Android are two of the most popular mobile operating systems in terms of the number of users worldwide. "A lot of research had been conducted on the security of the Android platform but relatively few efforts focusing on the security of the iOS platform when we embarked on this research in 2012," says Zhou. The team notified Apple of their findings in October 2012 and the weaknesses were fixed before the release of iOS 7 in September 2013. "It took almost a year because the issues were quite complicated to address," explains Zhou.

With over 100 PhD-level researchers active in the fields of analytics, cyber and human language and speech technologies, the I2R is Singapore's largest intelligence, communications and media research institute. The I2R partners with leading universities and companies through joint laboratories and feasibility studies to develop innovative solutions for a wide spectrum of consumer products.

"We are encouraged to perform mission-oriented research that could help to address real-world problems and make an impact," says Zhou. "We aim for a balance between basic science and industry development. By collecting input from industry on their requirements, we can predict future trends that guide our research; this strategy means that our findings have a better chance of being translated into useful technologies."

Explore further: Mobile security: Android versus Apple

Related Stories

Mobile security: Android versus Apple

October 9, 2013

Smartphones are big business, prompting fierce competition between providers. One major concern for consumers is whether a smartphone will keep their private data safe from malicious programs. To date, however, little independent ...

Georgia Tech uncovers iOS security weaknesses

July 31, 2013

Researchers from the Georgia Tech Information Security Center (GTISC) have discovered two security weaknesses that permit installation of malware onto Apple mobile devices using seemingly innocuous applications and peripherals, ...

Stanford launches new free course on iPhone/iPad apps

November 5, 2013

(Phys.org) —Stanford's incredibly popular online course, Developing Apps for iPhone and iPad, is now available for iOS 7 on iTunes U. As always, this free course is available to anyone, anywhere.

Recommended for you

When words, structured data are placed on single canvas

October 22, 2017

If "ugh" is your favorite word to describe entering, amending and correcting data on the rows and columns on spreadsheets you are not alone. Coda, a new name in the document business, feels it's time for a change. This is ...

Enhancing solar power with diatoms

October 20, 2017

Diatoms, a kind of algae that reproduces prodigiously, have been called "the jewels of the sea" for their ability to manipulate light. Now, researchers hope to harness that property to boost solar technology.


Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.