PARIS. On the test bench there is a half-open iPad Pro, with the components visible, turned on and connected to a Mac running test software. In the center, above the M2 chip without external protection, there is a sensor for measuring the electromagnetic field. The researcher starts the program on the computer and asks us to enter a password. The test program passes images to the iPad, which will encrypt them based on the key entered.
We are not on the set of an iFixit video, but in a laboratory inside Apple’s French headquarters. We are the first journalists to have access: here the company’s security engineers put the iPhone, iPad and Mac under pressure to study and prevent potential flaws in not only the software but also the hardware, including the A and M series chips. Flaws that could allow attacks similar to the one the researcher is simulating in front of us. When the image is sent to the iPad for encryption, the M2 chip emits electromagnetic signals that are recorded by the sensor and sent to a precision oscillometer. With dedicated software it is possible to compare a sufficiently large number of them, in the order of tens of thousands, isolate the repeating patterns, and trace the bits that contain the secret key with which it is then possible to decrypt the images.
The proof: how the new Apple iPhone 15s are made and how they perform
A tailor-made test
None of what is shown to us would be possible on an iPad like those found in shops, the researchers explain to us: the device was prepared specifically for this test, all protection was removed, and the sensor positioned exactly on the portion of the “bare” chip in which it is possible to record the signals useful for the test. But the point of the laboratory tests is precisely this: to experiment with “hacks” that do not yet exist, no matter how abstruse or unlikely, to discover unexpected vulnerabilities and above all to develop preventive defenses against the potential cyber attacks of tomorrow.
Apple does not confirm it, but in all likelihood it is here that a year or two ago researchers were testing the M3 or A17 Pro chips, which recently arrived on Macs and iPhone Pros. And in portions of the laboratory closed to us there will certainly be someone working on the security of chips to be launched in 2024 and 2025. This is not speculation, but a deduction. In fact, Apple explains that this is the only laboratory in the world that works on tests of this kind. The team is small, localized and highly controlled: leaks of information on hardware vulnerabilities not yet “patched” would be disastrous.
There’s a reason this research unit is located in the center of Europe and not in the underground dungeons of the Cupertino campus. In the old continent the level of academic research on security is very high: the universities here train researchers whose theoretical work on cybersecurity is the basis of the company’s internal research. A talent pool that is much easier to employ in the same geographic area as universities. It’s the same reason why some of the teams working on the development of M chips are based not in the US or Taiwan, where the chips are made, but in the new hardware development center in Munich.
The Paris laboratory is part of the Security Engineering and Architecture (SEAR) division, which is not only responsible for testing hardware and software to discover bugs and vulnerabilities. He is also responsible for setting the tone for security design and establishing development guidelines for software and hardware teams to follow. This group is responsible for all the security functions of both Apple devices and operating systems. A division of this kind has existed for decades within the Apple company, but the “SEAR” approach in which security is understood as a foundational and architectural element of systems is a more recent paradigm (also for other companies).
Safety for everyone
The turning point came about twenty years ago with the development of the iPhone, Apple explains. At that moment it became clear that an “internet communicator” that would potentially end up in the pockets of millions of people (today already billions) would need next-generation security solutions, suitable for the masses. It was no longer about keeping a PC safe on a desk, but a constantly connected computer to carry in your pocket.
From the popularization of the access PIN, which at the time was not perceived as a minimum security requirement, to the development of biometric solutions such as Touch ID and Face ID, passing through the more recent diffusion of end-to-end encryption on most of the data that they pass through the devices: over the years the SEAR team has been behind all this and much more. The result is a popularization and growth in importance of security and privacy, two elements which (also thanks to a large contribution from the marketing and communications divisions) have now become fundamental values associated with the Apple brand.
Over the last few years, the SEAR team’s work has gone beyond the development of security solutions aimed at the general public and, with a solid foundation, has begun to focus on advanced solutions for a smaller group of users who are subject to threats and much more targeted and effective attacks. Lockdown Mode was born from the need to protect journalists, diplomats, activists and high-risk individuals from attacks, often attributable to entire state espionage apparatuses. The feature locks iPhone and iPad to drastically reduce any possible attack surface by limiting some features and connectivity options of the devices. Arriving for the first time with iOS 16, Lockdown Mode has been updated to be even more secure with iOS 17. According to industry researchers, it is effective against advanced attack systems such as Pegasus, the highly advanced spyware that NSO Group sells to governments and militaries half the world. By Apple’s own admission, the vast majority of users will never need to activate Lockdown Mode, which is instead designed for a very small circle of potential targets for advanced attacks. But why so much attention to the security of such a small group of users?
«We developed Lockdown Mode because it was the right thing to do», Ivan Krstic, Head of Security Engineering and Architecture at Apple, explains to Italian.Tech. After studying at Harvard and starting out for Nicholas Negroponte’s OLPC, Krsti? he arrived in Cupertino in 2009 and has led the operations of the SEAR division since 2015. «We believe that journalists, activists, diplomats and other people working to make the world a better place deserve the ability to use their devices and the Internet safely. Even though their needs are different from those of most other users, we think that offering them this ability to defend themselves from targeted attacks is very important.”
The Digital Markets Act and security
However, the Lockdown Mode, the security functions and the advanced research of the Paris laboratory represent only one aspect of the approach to the security of Apple devices. The other is the closed and controlled nature of the App Store: all apps that are installed on the device must pass a verification and control system that eliminates many of the risks of a completely open system. Critics of Apple’s trade policy and competitors who would like to control alternative distribution markets for iPhone and iPad have for years denounced the anti-competitive nature of the so-called “walled garden” of the App Store. Apple argues that users still have the choice not to buy an Apple device if they don’t want to abide by these restrictions.
A line which, however, did not convince the European Union: the Digital Markets Act (DMA), the legislation created to harmonize the rules of digital markets in member countries, established that Apple will no longer be able to limit the installation of external applications via the App Store screening. The company will have to leave users free to easily install unapproved apps and allow the existence of alternative App Stores.
The deadline for Apple to comply with the DMA is set for March 2024. If on the one hand the rationale that wants to impose greater competitiveness on iOS is understandable, on the other it is understandable that the practice of “sideloading”, i.e. the possibility of installing apps do not verify, worry the company’s security division. “The advanced security mechanisms that we integrate into devices, including those that we study here in Paris, are to be considered as the last line of defense,” explains Krstic. «Malware on other platforms often works by tricking users into giving access to private information. These types of attacks are not possible on iOS due to the application review process because everything the app claims must be reflected in what the app actually does. In this way the vast majority of malware simply cannot work.”
Apple is already working to comply with the requests of the European Union. According to the most recent rumors, the opening to sideloading will come with some kind of iOS update in the spring. The possibility that this version of the software will be distributed only to European users is very high and the head of security also indirectly confirms this. “I can’t share the details with you today, but I can say that we will work very, very hard to try to alleviate some of the concerns that come with opening up the system,” Krstic tells us during the visit to the Paris laboratory. And then he concludes: «Despite this, our fear is that in the future Apple users outside the EU will simply enjoy a higher level of security on iPhone and iPad than European citizens».