So I was listening to a podcast last night call Security Now. It is a security show that is hosted by Leo Leport of the TWiT Network and features Steve Gibson of Gibson Research Corporation. Security Now is one of my favourite podcasts to listen to every week. I love what Steve has to say and he can explain some complicated things very well! This podcast was titled ‘iOS Security‘ I was thinking that it will be so nice to hear Steve rip into how bad the security on iOS is, I was shocked to hear the opposite!! I would encourage everyone to have a listen to it as it does help to understand Apple Hardware security not iOS security. Apple did put out a White Paper that is a good read also iOS Security White Paper. This White Paper is what Steve is basing all his opinions on as well. I would ask people to watch the episode in question and also read the White Paper. To get a better understanding of how security works on Apple hardware. The truth of the matter is that you can have the most secure hardware ever but if the OS that runs on that hardware has security issues then the house of cards come tumbling down.
Well I had to write Steve an email because his show blew me away! Here is what I wrote to him..
Okay Steve I had to write in and I hope a lot of other people also wrote in to you about your ‘iOS is secure podcast’! Seriously Steve I have to say it but I think Apple has finally got you to drink their Kool-aid. You used to be a BlackBerry user and I always thought ‘of course you are you are a security person, security matters to you’. Than a couple of months ago you switched to iOS and from that point on all of a sudden it seems security no longer matters to you in a mobile device. I 100% understand that yes it is a great and fun operating system, I understand why people like to use Apple products but it comes at a price, security! I am an IT administrator and those devices are not even allowed to connect to our network nor will an Android. These devices were not built with security in mind, they were built with ‘how can we make a device that everyone will love and then let’s throw some security in there’ mentality. I do agree that hardware wise Apple did do their homework, the hardware in the device is done right. But let’s be real here and ask the real questions then, if someone wants my data where can they get it from? From the hardware? Nope as you explained it’s built like a rock, How about from the OS? Yep there are many security holes that allow access to you data. The cloud? Yep because they are using NSA supported encryption. So tell me Steve what does hardware done right mean when the OS that sits atop it spits out your data like a Pez dispenser?
Why would anyone go through that much work when the OS (that always has full access to the unencrypted data) is so full of holes it’s not even funny? You were very neglectful to explain this to regular users that don’t understand the difference. Apple could have hands down the best hardware in the world with the best encryption but if the OS that sits on it is flawed then it defeats the purpose. For example I could build the most secure house in the world no one can break into my house of steel but then put a glass window on it. It’s like who cares how strong anything is when there is this vulnerability right here that is simple!!
You have always said Steve that something is only as strong as its weakest link. This statement holds 100% true here! The OS is the weak link and Apple will never rebuild it to be properly secure because it would break everything like hardware and software. You and I both know that will never happen.
An apple device can be rooted! Just even saying that should scream how insecure the OS is, how can you possibly root a secure device? You can’t, take for example BlackBerry it has never been rooted, why? Because they did the hardware right and they did the software (OS) right. This is security done right BlackBerry set the bar not Apple!
I am a BlackBerry fan but I am also not blinded by the love for the device. I do IT training for all new BlackBerry 10 owners here at work and about 50% of the people I train that are other OS users say ‘OMG, BlackBerry is awesome, I don’t understand why people hate on it so much’ They continue to say how many features it has that none of the other OS has. I can only say to them ‘I know you’re preaching to the choir’ It is not a bad OS in any way and can do 99% of what any other OS can do. It just has a bad reputation.
With all that said Steve I really wish you would make sure when you speak of security you use BlackBerry as the mobile device that set the bar not Apple, that comment almost made me cringe. You can’t just look at one device and say it set the bar!!
Please Steve make sure you let people know that just because the Hardware of Apple is secure does not mean all the information on it is safe! You are giving people false security and feeding the fire that people believe their data is safe on an Apple which it is but only to a hardware attack.
Sorry for the long email but I have never shook my head at your show Steve, this was a first. You are a very smart guy and I respect your point of view on things. I look up to you and hope I could be that smart someday. I feel like you give it strait with no bias which is rare, almost everyone has an agenda. This really must be explained to people so that they understand the difference between secure hardware and what that means with an insecure OS.
Almost forgot, I love the show blah blah blah … well till this point :) keep it going!!
I am sorry but I just had to write about how bad this information was to the public.
© Caspan 2014