Apple's New "Security as a Feature" Model

Apple has begun fully embracing the “Mac is more secure” idea, even going as far as to imply that security is a feature for Apple. It’s certainly been on my mind since before WWDC 2019, because of the changes Apple was making to its hardware that took giant steps toward crucial physical security improvements. It was especially interesting to me that Apple decided to remove the hardware debug port that could be used for data recovery; while this makes sense for utmost security, it sacrifices what many people consider important functionality.

Digital Security

Apple has been making moves to block tracking, fingerprinting, etc. with all of its software products for a little while now, and they continue to surprise me with interesting features that are hugely beneficial to privacy. A good example of this is the “Sign in with Apple” feature just announced at WWDC’19. One of the key components of this is that now (hopefully) we will have an alternative to things like Facebook and Google login, which like to track you around the web in many intrusive ways; I’ll have to do a post about that at some point as well. This system also allows you to sign up with what’s basically a fake email address that forwards email to your real email address, so that you don’t have to give out that information to every service you sign up for. And let’s be honest, almost every service requires some level of signup nowadays, whether it’s really necessary or not.

T2 Chip

The introduction of the Apple T2 Security Chip creates a very hard-to-break layer of hardware security on top of the already implemented software security, such as full disk encryption. It’s likely the reason for the removal of the debug port as well. This piece of hardware handles a lot of security tasks, such as managing your encrypted storage and Secure Boot. Having this chip inside your device means that anyone trying to gain access to your data would need access to the T2 chip from the original device as well. The even larger security benefit here is that, since Apple now ships many of its devices with storage that cannot be easily physically removed, recovering data from a device with the T2 chip becomes extremely difficult, which thwarts many potential intruders. Think about the task of breaking into the data from a hardware perspective: you would need to desolder the T2 chip, desolder the M.2 SSD, find or design a tool to interface with the T2 chip at a basic level, and try dumping the T2 into some other medium for forensic analysis, just to attempt to get the keys you would need to get into the data on the drive in the target device.

Secure Boot

With the T2 chip came some changes to macOS’s boot process, enabling Secure Boot, which only allows certain “trusted” operating systems to boot on the device. Better yet, the Secure Boot system in macOS ships with maximum security already set up. This means that, by default, every Mac with a T2 chip cannot boot from external media. External media presents a huge risk to physical device security, since it could be used to gain access to the existing system, bypass security measures, or even just help brute-force the existing encryption passwords. Since the Mac, by default, can’t boot from external drives, that potential hole in the device’s security is completely closed.

As a Mac user and someone who’s really interested in physical and digital security, I’m excited to see Apple moving in this direction and really pushing this as a standard for all of their products. I hope that they continue to not only talk about being a security-focused company but also continue to prove it to their customers.