Former Jailbreak Developers work to secure the iOS platform

BY Akshay Masand

Published 17 Jan 2016


A team led by former jailbreak developers Will “Chronic” Strafach and Joshua “p0sixninja” Hill is said to be working to secure Apple’s iOS platform.

After years on the opposite end of the spectrum, breaking iOS rather than defending it, the two, together with several unnamed former jailbreak developers, have built a new platform for securing iOS devices at both the enterprise and the consumer level. The platform is called “Apollo” and is the first security product from Strafach’s new company, Sudo Security Group.

9to5Mac recently interviewed Strafach, who argued that he and his team understand the inner workings of iOS better than any group of developers other than the Apple engineers who built it. Strafach had the following to say on the matter:

“We know the iOS system inside and out due to the years we’ve spent buried in disassembly tools seeing how things work. We know what weak spots to keep a close eye on, we know what bits are bloated and may be vulnerable in ways which have not yet been considered.”

He continued by adding that his team has now “taken on the equally important task of figuring out how to make things better” instead of just figuring “out how to make things break.”

As mentioned above, Apollo has two parts: an enterprise suite and a consumer application. Here is what each offers.

Enterprise

Larger corporations typically use Mobile Device Management software, usually referred to as “MDM,” to manage fleets of employee iPhones and iPads. Apple offers its own solution, and there are several third-party alternatives such as VMware’s AirWatch. Apollo aims to differentiate itself from these by focusing on security.

On the enterprise side, Apollo uses a backend service called the “Guardian” to scan the applications installed on a user’s iPhone for code that can steal user data, inject malware, attempt background installations, conduct email-based phishing, or weaken the file system’s security.

The Apollo suite is capable of checking for the following:

  • Leakage of sensitive data (Intentionally, or due to insecure connections)
  • Communications with servers in regions that are not allowed or sanctioned
  • Utilization of private and/or privacy-invading APIs
  • Binary download attempts from unsafe sources
  • Suspicious application behaviors which may require a second look
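The third item, detecting private or privacy-invading API use, is the one that can be done purely statically, and the article later mentions that Apollo relies on a “binary analysis engine” for it. As an added example (not Sudo’s or Apollo’s code, and not a description of how Guardian actually works), the script below shows one way such a check is done on an iOS app binary: parse the Mach-O load commands to list the dylibs the app links against, flag any under /System/Library/PrivateFrameworks/, then walk the symbol table for undefined external symbols (the app’s imports) and match them against a blocklist. The blocklist, the `build_sample` helper, and the sample binaries it constructs are assumptions made for this illustration; the three flagged symbols are real private APIs, but a production list would be far longer. Only thin little-endian 64-bit Mach-O files are handled; fat binaries and encrypted App Store binaries would need a decryption and slicing step first.

```python
import struct

# Mach-O constants (from <mach-o/loader.h> and <mach-o/nlist.h>)
MH_MAGIC_64 = 0xFEEDFACF
LC_SYMTAB = 0x02
LC_LOAD_DYLIB = 0x0C
LC_LOAD_WEAK_DYLIB = 0x18 | 0x80000000
N_TYPE = 0x0E   # mask for the symbol type bits of n_type
N_UNDF = 0x00   # undefined symbol (i.e. imported from another image)
N_EXT = 0x01    # external symbol

PRIVATE_FRAMEWORK_DIR = "/System/Library/PrivateFrameworks/"

# Constructed blocklist for illustration only: imports that reach private or
# privacy-invading APIs. A real engine would carry a much longer list.
FLAGGED_IMPORTS = {
    "_MGCopyAnswer",                         # libMobileGestalt: reads device identifiers
    "_SBSLaunchApplicationWithIdentifier",   # SpringBoardServices: launches other apps
    "_OBJC_CLASS_$_LSApplicationWorkspace",  # enumerates installed applications
}


def _cstring(data: bytes, off: int) -> str:
    """Read a NUL-terminated string at `off`."""
    return data[off:data.index(b"\x00", off)].decode("utf-8", "replace")


def parse_macho64(data: bytes) -> dict:
    """Return the linked dylibs and the imported (undefined external) symbols of a thin 64-bit Mach-O."""
    magic, _cpu, _sub, _ftype, ncmds, _sizeofcmds, _flags, _res = struct.unpack_from("<8I", data, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a little-endian 64-bit Mach-O (fat and 32-bit files are not handled here)")
    dylibs, imports = [], []
    off = 32  # sizeof(struct mach_header_64)
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        if cmd in (LC_LOAD_DYLIB, LC_LOAD_WEAK_DYLIB):
            # dylib_command: cmd, cmdsize, name (lc_str offset relative to the command), timestamp, versions
            name_off = struct.unpack_from("<I", data, off + 8)[0]
            dylibs.append(_cstring(data, off + name_off))
        elif cmd == LC_SYMTAB:
            symoff, nsyms, stroff, _strsize = struct.unpack_from("<4I", data, off + 8)
            for i in range(nsyms):
                # struct nlist_64: n_strx, n_type, n_sect, n_desc, n_value (16 bytes)
                n_strx, n_type, _n_sect, _n_desc, _n_value = struct.unpack_from("<IBBHQ", data, symoff + 16 * i)
                if (n_type & N_TYPE) == N_UNDF and (n_type & N_EXT):
                    imports.append(_cstring(data, stroff + n_strx))
        off += cmdsize
    return {"dylibs": dylibs, "imports": imports}


def audit(data: bytes, flagged=FLAGGED_IMPORTS) -> list:
    """List (kind, detail) findings: private frameworks linked and blocklisted symbols imported."""
    info = parse_macho64(data)
    findings = [("private-framework", d) for d in info["dylibs"] if d.startswith(PRIVATE_FRAMEWORK_DIR)]
    findings += [("flagged-import", s) for s in info["imports"] if s in flagged]
    return findings


def build_sample(dylibs, imports) -> bytes:
    """Construct a minimal Mach-O (header, LC_LOAD_DYLIB commands, LC_SYMTAB; no code) for testing."""
    cmds = b""
    for name in dylibs:
        raw = name.encode() + b"\x00"
        cmdsize = (24 + len(raw) + 7) & ~7  # load commands are 8-byte aligned
        cmds += struct.pack("<IIIIII", LC_LOAD_DYLIB, cmdsize, 24, 0, 0, 0) + raw.ljust(cmdsize - 24, b"\x00")
    strtab, nlists = b"\x00", b""
    for sym in imports:
        nlists += struct.pack("<IBBHQ", len(strtab), N_UNDF | N_EXT, 0, 0, 0)
        strtab += sym.encode() + b"\x00"
    symoff = 32 + len(cmds) + 24          # symbol table follows the last load command
    stroff = symoff + len(nlists)
    cmds += struct.pack("<IIIIII", LC_SYMTAB, 24, symoff, len(imports), stroff, len(strtab))
    # cputype 0x0100000C = CPU_TYPE_ARM64, filetype 2 = MH_EXECUTE
    header = struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2, len(dylibs) + 1, len(cmds), 0, 0)
    return header + cmds + nlists + strtab


if __name__ == "__main__":
    # Constructed sample: links a private framework and imports a device-identifier API.
    sample = build_sample(
        ["/usr/lib/libSystem.B.dylib",
         "/System/Library/Frameworks/UIKit.framework/UIKit",
         "/System/Library/PrivateFrameworks/SpringBoardServices.framework/SpringBoardServices"],
        ["_objc_msgSend", "_OBJC_CLASS_$_UIView", "_MGCopyAnswer"],
    )
    for kind, detail in audit(sample):
        print(f"{kind}: {detail}")
```

Two caveats a reviewer would add: an import-table check only catches direct linkage, so an app that resolves private functions at runtime with `dlsym` or through `NSClassFromString`/`objc_getClass` is invisible to it and needs string or Objective-C metadata scanning as well; and linking a private framework is a signal, not proof of misuse, so the finding belongs in the “may require a second look” bucket rather than an automatic block.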

The suite also offers the following enterprise functionality:

  • Strict application whitelisting and blacklisting
  • Lock down devices as much or as little as needed, configurable based on user group or even individual users
  • Disable system applications such as App Store, Messages, and more.
  • Disable system features such as screenshots, data sync, and more.
  • Web content filtering, both liberal and strong options available
  • Heavy monitoring for network I/O activity to watch out for threats
  • Activation Lock Assistant – Never get locked out of a company-owned device by a personal Apple ID again!
  • Special-case malware monitoring – Ensure dangerous skimming malware does not find its way onto your point-of-sale iPad or iPhone.
  • Block removal of the MDM and protection software from the device – even if a hard reset / restore (“DFU Restore”) is performed!
  • Full system data wipe at any time
  • Prevent company-owned devices which were lost or stolen from ever being used again

Sudo Security Group positions Apollo as a product for companies that want full control over their corporate data on untrusted endpoints. According to eDiscovery attorney Richard Lutkus, the software also protects user privacy by keeping personal data away from the administrator, which makes it attractive to the employees who have to run it as well as to the corporation. In the event of a breach, Apollo includes a remediation system intended to contain the issue quickly and safely.

Beyond these features, the enterprise suite adds periodic Touch ID prompts that require the user to authenticate with their fingerprint every few days, to confirm the device is still in the hands of its enrolled user. Once activated, there is no workaround other than that user’s fingerprint. The enterprise application can also block employee access to particular categories of application, preventing the device from running software or using features that would otherwise pose a risk to the company.

Consumer

Because of restrictions imposed by the App Store, Strafach noted, the consumer application cannot see which other apps a user has installed. It instead focuses on checking the OS for malware and on detecting connections to malicious servers. On the consumer app and the App Store approval process in general, Strafach had the following to say:

In the consumer-level app, we have indeed been able to be creative about adding useful detections in an App Store compliant way. But there are certain things which are off-limits to the allowed APIs, as everyone knows, so that is one way our enterprise offering ties into this. The Apple MDM Enterprise APIs allow gathering more information than what App Store compliant APIs allow, so we have leveraged this to benefit users as well. The company wants data to be kept secure and assure sensitive data cannot leak out, so part of this involves utilizing our binary analysis engine to assure that certain invasive apps won’t be loaded on devices. If we are already doing that though, it made sense to us to take this a step further: We have added detections which companies may not care as much about, but which a user absolutely would in terms of their privacy, such as applications which send your location or gender to advertising providers. This increases the incentive for employees to enroll their devices in their employer’s BYOD program as it can actually benefit them, allowing us to distance our offering further away from the current notion of being a “big brother” type solution that is forced onto devices, and instead create an experience that benefits both sides.

Sudo Security Group currently plans to release the enterprise system in the first half of 2016, though no exact release date was given. If you’re interested in Apollo, you can register for updates and information via this site, which will be updated with more details on the platform.

[Via 9to5Mac]