Three researchers associated with the Johns Hopkins University have put forward a research report which confirms that Apple’s iOS has a robust mechanism that ensures the security and privacy of the data of its users. However, a company building a tight security system is not enough. It should also know how to utilize it properly. That is exactly where Apple has failed. Because of not implementing these security and privacy measures properly, Apple has made iOS users prone to being attacked by hackers and malicious users and their data being stolen or misused.
The researchers worked towards getting a thorough understanding of the security mechanisms to find out how secure it really is and whether there are any loopholes in it. The team was also trying out ways to strengthen this system further and prevent the possibility of any security breach.
The team of researchers concluded that the security mechanism was backed by strong encryption but the problem lied in the fact that Apple was not using or implementing it properly. Here is a simple way to understand the situation. When Apple tries to build a privacy system around a particular app, it secures the data of the app and not the user.
The data provided by the user goes to the Apple server via iCloud and from there, it can be easily accessed by anybody who possesses basic online hacking skills. Apart from hackers, such kind of data is also tracked by law enforcement agencies. Apple is known to use a security system called SEP which works towards protecting user data from hackers who try to break into somebody’s account by cracking their password. However, there have been multiple reports suggesting that hackers use software like GrayKey to go past these security measures.
Apple’s cloud services use end-to-end encryption to ensure data security. The company has also, on numerous occasions, stated that only registered users would be able to access the data on cloud servers. Researchers counter this information with evidence suggesting that when encryption services merge or combine with cloud-based servers, their security system tends to get weakened.
Researchers have identified a couple of other issues with Apple’s security mechanism. A very common issue, they say, is the appearance of a dialog box on iPhones. This kind of activity is often the work of a hacker. When an unassuming user clicks on the dialog box, it redirects him to a compromised security module. The researchers also point out that many other tech giants make the kind of mistakes that are similar to the ones Apple makes while trying to secure its data. Google, for instance, does not use end-to-end encryption while sharing data on an Android device to its own cloud servers.