Apple to Make Unprecedented Appearance at Black Hat
Jul 25, 2012 3:58 PM PT
For years, Apple has been able to avoid the bad press about malware infections that has dogged rival Microsoft, but that's changed in recent times, which may be why the company is participating this week in a high-visibility security conference being held in Las Vegas.
Apple Platform Security Manager Dallas DeAtley is scheduled to speak at Black Hat 2012 Thursday about key security technologies in the company's mobile operating system, iOS.
The talk will be especially timely. Last week, Apple had to plug a security hole in its in-app purchasing technology that allowed iOS users, with the help of a Russian hacker, to buy items from inside applications without paying for them.
Why is DeAtley appearing at a conference that includes sessions like "iOS Kernel Heap Armageddon Revisited" and "The Dark Art of iOS Application Hacking"? An Apple spokesperson was not immediately available to answer that question, but some security experts offered opinions about it.
Age of Accountability
"This is a big step for Apple," Black Hat General Manager Trey Ford told MacNewsWorld.
"Historically, it didn't have conversations about security," he continued. "It communicated in that magic Apple way, 'Macs are secure.'"
That approach, for the most part, satisfied consumers, who yawn at the mention of security. In recent times, though, as Apple products penetrated the enterprise through flexible "Bring Your Own Device" policies, a change in approach has been necessary, Ford maintained.
"Apple has a legitimate run at gaining a stronger foothold in the enterprise," he observed. "So it's a very wise play on its part to communicate that it takes security seriously."
"The age of accountability is approaching [for Apple]," Ford continued. "Apple has seen some interesting challenges and it's working hard to communicate that it's doing due diligence."
"That's part of the power of Apple -- how it communicates and manages expectations and people's perspective of its brand," he added.
Scotched By Marketing
It's that kind of brand management that cut short Apple's first scheduled appearance at Black Hat four years ago during the Steve Jobs regime.
Arrangements had been made for Apple's security engineering team to appear at a public discussion on the company's security practices. "Once [Apple's] marketing organization heard about it, they stopped it very quickly," Ford explained.
"Apple marketing is a pretty airtight system," he added. "They're very careful about what's said about their organization."
No doubt, recent security snafus that have grabbed headlines influenced Apple's decision to make its first appearance at Black Hat, according to BitDefender Chief Security Researcher Alexandru Catalin Cosoi.
Smarting From Malware
"Apple's message as recently as seven months ago was 'If you want a system that's virus free, you should go for Mac OS X or iOS,'" Cosoi told MacNewsWorld.
Now Apple has changed its tune and is recommending its users install a security solution on their Macs, he noted.
"I'm guessing it's focusing more on security, especially since it had two big malware incidents this year, which affected a huge number of computers," added Cosoi.
In addition to the in-app purchasing attack, Apple computers were targeted by the Flashback Trojan earlier this year.
That malware, which infected from 600,000 to 700,000 Macs before it was reined in, exploited two vulnerabilities found in the version of Java used by Apple machines. The vulnerabilities had been patched on Windows machines, but Apple was tardy in moving the patches to its users, and hackers exploited the situation.
Macs Make Rich Targets
Although Apple's share of the PC market is small compared to Microsoft's, Apple users, especially in the business world, are prime targets for cybertrolls seeking information that can be converted to cash.
"Many managers in companies use the Mac OS," Cosoi said. "So if you manage to infect one of those systems, you usually have access to very sensitive data."
Increased interest in iOS by the security industry -- there will be three other talks on the subject in addition to DeAtley's -- may also be influencing Apple's decision to show up at Black Hat, Cosoi reasoned.
"Since the industry is focusing on iOS security," he said, "then Apple has to show up, answer questions and show that it's interested in doing something about it."