Time
8 hours 33 minutes
Difficulty
Beginner
CEU/CPE
9

Video Transcription

00:05
Apple iOS devices are designed with security as a priority.
00:08
Security features built into the hardware, firmware and software layers of iOS devices protect devices against unauthorized access and malicious attacks.
00:16
However, the security features can hinder forensic acquisition and examination.
00:21
A basic understanding of the security architecture in Apple's iOS can help anyone trying to recover digital evidence from an iPhone or iPad,
00:28
starting with system security. Secure boot chain: the boot process of an iOS device includes a number of components.
00:35
Every component is cryptographically signed by Apple.
00:38
When an iOS device is turned on, the application processor executes the boot code from the Boot ROM, which is the read-only memory.
00:46
This boot code is added to the chip during fabrication and therefore is trusted.
00:50
The Boot ROM also contains the Apple Root CA public key.
00:54
The Apple Root CA public key verifies that the low-level bootloader, or LLB, is signed by Apple and then executes it.
01:02
The LLB verifies that the next-stage bootloader, iBoot, is signed by Apple and then executes it.
01:07
Finally, iBoot verifies the iOS kernel and executes it.
01:11
During the boot process, if one step is unable to verify or load the next step, the boot process stops.
01:18
The device displays the Connect to iTunes symbol on the screen.
01:22
This secure boot process ensures even the lowest levels of software can't be tampered with and that iOS runs on validated Apple devices only.
01:30
System software authorization.
01:33
The system software process is used to distribute updates to authorized iOS devices and to prevent devices from being downgraded to older iOS versions, which lack the latest security features.
01:42
Updates are released regularly to distribute new features and to address emerging security threats.
01:48
Apple makes use of the device's unique ID to sign the updates.
01:52
This ensures that an older version of iOS from one device can't be copied onto another.
01:57
Encryption and data protection. Hardware security features.
02:00
Every iOS device comes with a crypto engine dedicated to encryption and decryption tasks.
02:07
These devices come with a unique ID called the UID and a device group ID called the GID.
02:13
Both of these IDs are AES 256-bit keys fused into the application processor during manufacture.
02:20
Since these keys are built into the silicon, they can't be tampered with or read by any software or firmware directly.
02:25
The UID is unique to a device and is not recorded by the device manufacturer or any of its suppliers.
02:31
The GID is common to all processors in a particular class of devices.
02:36
All devices using an A8 processor, for example, have the same GID.
02:39
The device UID ensures that the data on the device is cryptographically tied to that particular device.
02:46
The file system key, computed using the UID and stored in the effaceable storage, is used to encrypt the file system on the device.
02:53
This means that files on a device are not accessible if the flash storage from that device was physically removed or moved to another device.
03:01
File data protection.
03:05
iOS devices use a technology called Data Protection to protect data that is stored in the device's flash storage.
03:10
This technology works by creating and managing a hierarchy of keys.
03:15
Some of the keys are computed using the keys fused into the hardware layers.
03:19
File system key: computed using the hardware key, the device UID.
03:23
Class keys: created using the hardware key and the device passcode.
03:27
Every file created in the data partition is assigned to a class.
03:30
There are predefined classes on iOS devices. Each class uses different policies to determine when the data in the file becomes accessible.
03:38
When the file is created in the data partition, Data Protection creates a per-file key to encrypt data in that file as it is written to the flash storage.
03:47
This per-file key is wrapped with one of the class keys,
03:51
the class to which the file belongs.
03:53
The wrapped file key is stored with the file metadata.
03:55
When the file is opened, the file system key decrypts the file metadata, revealing the wrapped per-file key and information about the file's class.
04:03
The class key is then used to determine the per-file key.
04:08
This file key is then used to decrypt file contents. Because the file system key is stored in the effaceable storage,
04:14
when the remote wipe or Erase All Content and Settings commands are issued, this effaceable storage is securely erased, the file system key is deleted and all files are made cryptographically inaccessible.
04:25
Passcodes
04:27
Most users lock their iOS devices with a passcode.
04:30
Passcodes prevent unauthorized access to the data on the device.
04:33
Today, devices support six-digit, four-digit and arbitrary-length alphanumeric passcodes by the phone. Once the passcode is set on the device,
04:42
the Data Protection technology is enabled.
04:44
Passcodes are used in generating keys and encrypting data on the device. Therefore, the stronger the passcode, the stronger the encryption key.
04:51
Touch ID fingerprint recognition was introduced with the iPhone 5s.
04:56
Fingerprints will offer easy and quick access to the device. Because Touch ID is backed with the passcode, users can keep complex passcodes to have stronger encryption keys, but retain quick access to the device with a Touch ID fingerprint.
05:09
To prevent brute-force attacks on passcodes, time delays are enforced between the failed attempts.
05:14
The delay keeps increasing with every subsequent failed attempt. If the Touch ID and Passcode setting Erase Data is turned on, the device will automatically wipe after 10 consecutive failed attempts.
05:24
App security
05:27
App code signing. Another important iOS security element is app code signing.
05:31
Apple allows only Apple-signed code to be executed on iOS devices.
05:35
All third-party apps developed for iOS devices are first validated by Apple, then signed using an Apple-issued certificate before being made available through the App Store.
05:45
This prevents any malicious or unsigned code from being executed on the iOS devices.
05:49
Sandboxing
05:51
Apps are sandboxed. To protect user data on an iOS device, sandboxing isolates an app, restricting access to other apps' files and the rest of the system.
06:00
Because each app is permitted to run in its own restricted area only, any security issues related to an app are confined.
06:08
Device controls
06:10
Remote wipe
06:12
Users or administrators can remote wipe an iOS device in the event the device is lost or stolen.
06:16
When a remote wipe is issued, encryption keys in the effaceable storage are securely deleted,
06:21
making all the data on the device unrecoverable.
06:25
A user can also wipe the device in their possession by going to Settings, General,
06:30
Reset and selecting Erase All Content and Settings.
06:33
Lost Mode
06:35
Lost Mode is a security feature introduced in iOS 9.3.
06:40
When the device is lost or stolen, a mobile device management administrator can enable Lost Mode on supervised iOS devices.
06:47
When Lost Mode is enabled, whoever is in possession of the device is logged out and the device cannot be unlocked.
06:53
The device may display an administrator-customized message on the home screen, such as a phone number to call for returning the device.
07:00
The administrator can also request the device to send its current location.
07:03
A mobile device management administrator is the only one who can disable Lost Mode.
07:09
Activation Lock
07:11
Activation Lock is a security feature introduced in iOS 7.
07:14
When the device is lost or stolen, Activation Lock prevents another user from using the device.
07:18
This feature is automatically turned on when Find My iPhone is enabled.
07:24
When Activation Lock is enabled, the user's Apple ID credentials are required to reactivate or erase the device.
07:30
A basic understanding of the security architecture in Apple's iOS is a must for forensic analysis and data recovery on an Apple device.
07:36
A great place to begin is with Apple's iOS Security white paper,
07:41
which is available on www.apple.com and covers each feature in greater detail.
