Dallas De Atley, Apple’s Platform Security manager, will be giving a talk at the Black Hat security conference on Thursday. De Atley will be speaking about “key security technologies in iOS,” although what that means is anyone’s guess. However, an Apple insider’s involvement in the Black Hat conference marks a drastic turning point for the company.
De Atley’s official presentation will be joined at the conference by security researchers who study and break the security schemes that Apple places on its Mac and iOS operating systems, such as Alban Diquet, Justine Osborne, and Jonathan Zdziarski.
Apple’s participation in and acknowledgement of Black Hat is an admission of what hackers have long known: Apple’s products are not impenetrable. Apple has long thrived on security through obscurity.
When the most serious viruses only affected Windows-based PCs, Apple could tout security as a benefit of switching to a Mac. It seems that Apple has clung to this image a little too long. According to Bloomberg’s report, the last time someone from Apple tried to take the stage at Black Hat (in 2008), the panel was cancelled for marketing reasons.
By 2012, the environment is different. Apple is now the world’s most valuable company, jailbreaking is a widely known (if publicly misunderstood) phenomenon, and over 600,000 Mac computers were infected by the Flashback trojan. Apple’s platforms are a lucrative target now, which means they will continue to draw more attacks from real black hats. Apple has realized that it needs to shift from burying its vulnerabilities to exposing and confronting them.
One of Apple’s biggest unwitting allies in making its platform secure is the jailbreak community. The jailbreak community discovers exploits in Apple’s security and releases software that circumvents it. When the community releases this code, which makes homebrew software and modification possible, Apple is handed a list of known exploits and can guard against them. The state of security on Apple’s iOS platform would be different if real black hats, instead of hobbyist coders, had discovered the TIFF exploit behind the web-based JailbreakMe.
The question still remains: does it make sense for Apple to publicly acknowledge security, or is it better for Apple to keep its security in the background and let marketing do the talking?