
September 14, 2025 17 mins
In this episode, we're diving deep into Apple's groundbreaking Memory Integrity Enforcement (MIE), an unprecedented effort poised to redefine the landscape of mobile security, and we'll also explore the broader spectrum of threats targeting the iOS ecosystem.

Apple's Memory Integrity Enforcement (MIE) is the culmination of a half-decade of intensive design and engineering, combining the unique strengths of Apple silicon hardware with advanced operating system security. Apple believes MIE represents the most significant upgrade to memory safety in the history of consumer operating systems. This comprehensive, always-on protection is designed to provide industry-first memory safety across Apple devices, all without compromising device performance.

The Driving Force: Combating Mercenary Spyware

While the iPhone has never experienced a successful, widespread malware attack, Apple's focus for MIE is primarily on the mercenary spyware and surveillance industry. These highly sophisticated threats, often associated with state actors, utilize exploit chains that can cost millions of dollars to target a small number of specific individuals. A common denominator in these advanced attacks, whether targeting iOS, Windows, or Android, is their reliance on memory safety vulnerabilities. MIE aims to disrupt these highly effective exploitation techniques that have been prevalent for the last 25 years.

How MIE Works: A Three-Pronged Defense

MIE is built on a robust foundation of hardware and software innovations:
1. Secure Memory Allocators: Apple's efforts in memory safety include developing with safe languages like Swift and deploying mitigations at scale. Key to MIE are its secure memory allocators, such as kalloc_type (introduced in iOS 15 for the kernel) and xzone malloc (for user-level in iOS 17), alongside WebKit's libpas. These allocators use type information to organize memory, thwarting attackers' goals of creating overlapping interpretations of memory to exploit use-after-free and out-of-bounds bugs.
2. Enhanced Memory Tagging Extension (EMTE): Building on Arm's 2019 Memory Tagging Extension (MTE) specification, Apple conducted deep evaluations and collaborated with Arm to address weaknesses, leading to the Enhanced Memory Tagging Extension (EMTE) specification in 2022. MIE rigorously implements EMTE in strictly synchronous, always-on mode, a crucial factor for real-time defensive measures in adversarial contexts. EMTE prevents common memory corruption types:
    ◦ Buffer Overflows: The allocator tags neighboring allocations with different secrets. If memory access spills over into an adjacent allocation with a different tag, the hardware blocks it, and the operating system can terminate the process.
    ◦ Use-After-Free Vulnerabilities: Memory is retagged when reused. If a request uses an older, invalid tag for retagged memory, the hardware blocks it. EMTE also specifies that accessing non-tagged memory from a tagged region requires knowing that region’s tag, making it harder for attackers to bypass EMTE.
3. Tag Confidentiality Enforcement: This critical component protects the implementation of Apple's secure allocators and the confidentiality of EMTE tags, even against side-channel and speculative-execution attacks. Apple's silicon implementation prevents tag values from influencing speculative execution, a vulnerability seen in other MTE implementations. Furthermore, MIE addresses Spectre variant 1 (V1), a speculative-execution vulnerability, with a mitigation designed for virtually zero CPU cost, making it impractical for attackers to leak tag values and guide attacks.
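The two EMTE checks described above (a tag mismatch when an overflow crosses into a neighbouring allocation, and a tag mismatch when a stale pointer touches memory that was retagged on reuse) can be modelled in a few dozen lines. The following is an added example, not Apple's or Arm's code and not from this episode: it assumes a toy heap of 64 granules of 16 bytes, a 4-bit tag per granule held in a shadow array, and a `tagged_access()` function standing in for the check that real silicon performs on every load and store. All names (`tmalloc`, `tfree`, `tptr`, `tagged_access`) are hypothetical.

```c
/* Toy model of EMTE-style memory tagging. Added example, not Apple's or Arm's
 * code: 64 granules of 16 bytes, a 4-bit tag per granule in a shadow array, and
 * tagged_access() in place of the hardware check on every load/store. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define GRANULE   16
#define NGRANULES 64
#define HEAP_SIZE (GRANULE * NGRANULES)

static uint8_t  heap[HEAP_SIZE];
static uint8_t  shadow[NGRANULES];  /* current tag of each granule (1..15); 0 = never tagged */
static uint8_t  in_use[NGRANULES];  /* 1 while the granule belongs to a live allocation */
static uint32_t rng_state = 0x9E3779B9u;

/* A tagged pointer: byte offset into the toy heap plus the tag it was issued
 * with (real MTE keeps the tag in the unused top bits of the pointer). */
typedef struct { uint32_t off; uint8_t tag; } tptr;

/* Pick a nonzero tag that differs from every tag in avoid[] (xorshift PRNG). */
static uint8_t next_tag(const uint8_t *avoid, int navoid) {
    uint8_t t;
    bool clash;
    do {
        rng_state ^= rng_state << 13;
        rng_state ^= rng_state >> 17;
        rng_state ^= rng_state << 5;
        t = (uint8_t)(rng_state & 0xF);
        clash = (t == 0);
        for (int i = 0; i < navoid; i++) if (t == avoid[i]) clash = true;
    } while (clash);
    return t;
}

static uint8_t granule_tag(uint32_t g) { return g < NGRANULES ? shadow[g] : 0; }

/* First-fit allocation of whole granules. The new tag differs from both
 * neighbours (an overflow crosses a tag boundary) and from the granule's
 * previous tag (reuse after free retags the memory). */
static tptr tmalloc(size_t n) {
    uint32_t need = (uint32_t)((n + GRANULE - 1) / GRANULE);
    for (uint32_t g = 0; g + need <= NGRANULES; g++) {
        bool free_run = true;
        for (uint32_t k = 0; k < need; k++) if (in_use[g + k]) { free_run = false; break; }
        if (!free_run) continue;
        uint8_t avoid[3] = { g > 0 ? shadow[g - 1] : 0, granule_tag(g + need), shadow[g] };
        uint8_t t = next_tag(avoid, 3);
        for (uint32_t k = 0; k < need; k++) { shadow[g + k] = t; in_use[g + k] = 1; }
        return (tptr){ g * GRANULE, t };
    }
    return (tptr){ 0, 0 };  /* out of memory: tag 0 never matches a live granule */
}

/* Free leaves the old tag in place; the memory is retagged when it is reused. */
static void tfree(tptr p, size_t n) {
    uint32_t need = (uint32_t)((n + GRANULE - 1) / GRANULE);
    for (uint32_t k = 0; k < need; k++) in_use[p.off / GRANULE + k] = 0;
}

/* The hardware check: the access faults (returns false) unless the pointer's
 * tag equals the current tag of the granule touched. In MIE's synchronous mode
 * this is the point at which the OS would terminate the process. */
static bool tagged_access(tptr p, size_t index, uint8_t value, bool is_store, uint8_t *out) {
    uint32_t byte = p.off + (uint32_t)index;
    if (byte >= HEAP_SIZE) return false;
    if (shadow[byte / GRANULE] != p.tag) return false;
    if (is_store) heap[byte] = value; else if (out) *out = heap[byte];
    return true;
}

/* Buffer overflow: byte 15 of a 16-byte buffer is fine, byte 16 lands in the
 * neighbour's granule, which carries a different tag, so the store faults. */
static bool overflow_is_caught(void) {
    tptr a = tmalloc(16);
    tptr b = tmalloc(16);
    bool last_ok = tagged_access(a, 15, 0x41, true, NULL);
    bool spill   = tagged_access(a, 16, 0x41, true, NULL);
    return b.tag != a.tag && last_ok && !spill;
}

/* Use-after-free: after free and reallocation the same granules carry a fresh
 * tag, so the stale pointer faults while the new pointer works. */
static bool uaf_is_caught(void) {
    tptr stale = tmalloc(32);
    tfree(stale, 32);
    tptr fresh = tmalloc(32);  /* first fit reuses the same granules */
    uint8_t v = 0;
    bool stale_ok = tagged_access(stale, 0, 0, false, &v);
    bool fresh_ok = tagged_access(fresh, 0, 0, false, &v);
    return fresh.off == stale.off && fresh.tag != stale.tag && !stale_ok && fresh_ok;
}

int main(void) {
    printf("overflow caught: %s\n", overflow_is_caught() ? "yes" : "no");
    printf("use-after-free caught: %s\n", uaf_is_caught() ? "yes" : "no");
    return 0;
}
```

Two design points carry over from the episode's description: with only 15 usable tag values, protection depends on the allocator guaranteeing that adjacent allocations and successive reuses of the same memory never share a tag, which is why `tmalloc` excludes both neighbours and the previous tag rather than trusting randomness alone; and because a tag is a small secret, anything that lets an attacker read it (the side channels the third pillar addresses) would turn a faulting access into a valid one, so tag confidentiality is part of the guarantee, not an add-on.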
Impact and Availability

Memory Integrity Enforcement is built right into Apple hardware and software in all iPhone 17 and iPhone Air models, offering unparalleled, always-on memory safety protection for key attack surfaces, including the kernel and over 70 userland processes. Importantly, MIE was designed to deliver groundbreaking security with minimal performance impact, remaining completely invisible to users. Apple is also making EMTE available to all developers in Xcode as part of the new Enhanced Security feature. Extensive evaluations by Apple's offensive research team have confirmed that MIE dramatically reduces the exploitation strategies available to attackers, making it extremely difficult to rebuild exploit chains.
Beyond MIE: Other Threats to iOS Devices

While MIE targets memory corruption, the iOS ecosystem faces a range of other threats:
Application-Level Threats: These include various forms of malware, such as Touch ID malware, YiSpecter, and AceDeceiver, which exploit design flaws or trick users. More widespread are leaky applications (greyware), representing 61% of iOS apps, which legally collect a

Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
Welcome to Upwardly Mobile API and App Security.

Speaker 2 (00:03):
I'm George and I'm Sky.

Speaker 1 (00:04):
We're your guides navigating the really complex world of mobile
app development and API security.

Speaker 2 (00:10):
Yeah, it's constantly shifting, exactly.

Speaker 1 (00:13):
And today we're zeroing in on well a crucial mission
dissecting the evolving threats that are constantly challenging our mobile.

Speaker 2 (00:20):
Apps and importantly spotlighting the innovative solutions protecting them. And
today is, let's face it, pretty dynamic digital landscape.

Speaker 1 (00:28):
This isn't just theory, right, It's about real world defense
for your creations. Yeah, and this episode is proudly brought
to you by Approov Mobile Security.

Speaker 2 (00:37):
They're really the gold standard in mobile app attestation and
API security definitely. So yeah, today we'll be exploring why
even those seemingly robust, you know, built in protections from
platforms like iOS might not actually be enough on their
own right, and then we'll peel back the layers, look
at the advanced technique, some groundbreaking developments designed to safeguard
your whole mobile ecosystem.

Speaker 1 (00:58):
Our goal, as always is to equip you, whether you're
an iOS, Android, HarmonyOS developer, maybe a security pro or
just keen on tech with the essential knowledge to stay well,
not just caught up, but really ahead of the curve
on cyber threats.

Speaker 2 (01:16):
Absolutely, staying ahead is key.

Speaker 1 (01:18):
Okay, So let's unpack this right from the start. There's
this uh long held perception, hasn't there been, especially for
us building mobile stuff. Yeah, definitely that platforms like iOS
are just inherently more secure. But is that really true
when we talk mobile app and API security or is
it you know, maybe a bit of a comforting myth.

Speaker 2 (01:37):
Well, it's a perception with some basis in reality, but yeah,
it doesn't tell the whole story. I mean, iOS does
offer real advantages like Apple's speed with security patches and
their stricter app store controls for sure, Okay, but that
absolutely doesn't make it immune, not at all. In fact,
because it's so widespread, and think about all the sensitive
corporate and personal data on these devices now huge amounts,

(01:59):
iOS is actually a really valuable target for cyber criminals.
So to get a handle on it, we really need
to look at three main threat categories, which are threats
targeting the application itself, those exploiting network weaknesses, and then
the ones that go after the device like at the
OS level.

Speaker 1 (02:17):
Okay, that breakdown makes sense. And applications, that's where it
gets really interesting for developers, right. Oh, absolutely, We spend
something like ninety percent of our mobile time inside apps.
So that makes them the primary way in for attackers,
doesn't it?

Speaker 2 (02:30):
It really does. They are the front line.

Speaker 1 (02:32):
So what are the biggest app level vulnerabilities we're seeing
on iOS specifically?

Speaker 2 (02:37):
Right? So when we talk app level threats, it's really
important to distinguish between actual malware, okay, and what people
often call leaky applications or greyware. Now, the ratio of
iOS apps with traditional malware is much lower than Android.
Some reports say zero point one one percent versus maybe
eight point nine percent for Android.

Speaker 1 (02:56):
Wow, that's a big difference, it is.

Speaker 2 (02:57):
But iOS malware still exists and it can hit even
non-jailbroken devices.

Speaker 1 (03:03):
Right, that's the key part. Can you give us some
concrete examples? What should we be aware of?

Speaker 2 (03:07):
Sure, we've seen things like the Touch ID malware. These
were apps disguised as fitness tools like Fitness Balance or
Calories Tracker.

Speaker 1 (03:16):
Okay, sounds harmless.

Speaker 2 (03:17):
Enough, Yeah, but they tricked users into approving payments via
misleading pop-ups, often hitting credit cards linked to their App
Store account. Pretty sneaky.

Speaker 1 (03:26):
Very what else? Then?

Speaker 2 (03:27):
There was YiSpecter. That one abused private iOS APIs to download, launch,
even hijack other apps and send device data off to
remote servers. And AceDeceiver exploited a flaw in Apple's FairPlay
DRM to steal Apple IDs and passwords. So you
know attackers are resourceful.

Speaker 1 (03:45):
Clearly, Yeah, those are definitely not features anyone wants. But
you also mentioned leaky applications or greyware. How are they
different and why are they such a persistent problem?

Speaker 2 (03:55):
Ah? Yes, this category. Honestly, it's often the more insidious threat,
and it's definitely the most widespread app related issue. We're
talking a staggering sixty one percent of iOS applications fall
into this category.

Speaker 1 (04:08):
Somehow, sixty one percent. That's huge, it is.

Speaker 2 (04:11):
And these apps aren't malicious in the classic sense like
trying to break your device or steal your login details directly.

Speaker 1 (04:18):
So what do they do instead?

Speaker 2 (04:20):
They Well, they legally collect information that's often totally unnecessary
for the app to function, things like your precise location, contacts, photos,
even SMS messages.

Speaker 1 (04:30):
Based on permissions.

Speaker 2 (04:31):
We grant exactly permissions you the user granted, maybe without
quite realizing the full implications, and then this data gets
silently forwarded to marketing networks, data brokers, maybe uncertified servers.

Speaker 1 (04:43):
Somewhere, So hang on. The key insight here for developers
isn't just watching out for traditional malware. It's about rigorously
questioning what legitimate data your app actually needs right and
then being super careful about how it's handled in where it.

Speaker 2 (04:59):
Goes precise because that's where over sixty percent of the
current iOS app level threat is really hiding, often in
plain sight.

Speaker 1 (05:06):
It really highlights how sometimes the biggest threats aren't these
dramatic malware attacks we hear about, but this quiet, constant
siphoning of data by apps we think we trust. It's
like a privacy death by a thousand paper cuts, isn't it.

Speaker 2 (05:21):
That's a great way to put it. And the challenge
for security pros is huge because these apps don't have
a viral signature. There's no obvious abnormal behavior for traditional
AV or score-based tech to flag.

Speaker 1 (05:33):
Because they operate within the permissions.

Speaker 2 (05:35):
Given exactly, so they're really hard to detect. And this
creates massive problems for data privacy regulations. You know, organizations
struggle to stop data leaking out through these seemingly harmless apps.

Speaker 1 (05:46):
That's a massive blind spot, especially with user consent involved,
even if it's not fully informed consent.

Speaker 2 (05:51):
Okay, let's shift focus a bit. What about threats external
to the app? How are networks and the devices themselves
being targeted?

Speaker 1 (05:58):
Yeah, connecting this to the big your picture. These network
and device level threats really show that iOS isn't in
some kind of protected bubble. So on the network side,
man-in-the-middle attacks (MITM), they're a constant danger.
With remote work booming, more people use public Wi-Fi.

Speaker 2 (06:14):
Which is often unprotected, exactly, making it easier for
attackers to intercept or even alter communication. They use techniques
like IP, ARP or DNS spoofing. Then you've got rogue cell towers.
These can trick any mobile device iOS included into connecting.
Then they can intercept calls, SMS data. They're used for botnets,

(06:35):
smishing campaigns.

Speaker 1 (06:36):
And speaking of smishing, yeah, phishing.

Speaker 2 (06:38):
And smishing are still the number one detected network threat
on mobile and get this, eighty five percent of it
now happens through mobile applications.

Speaker 1 (06:46):
Eighty five percent.

Speaker 2 (06:47):
Yeah, it's cheap, it's effective, luring users to bad links
via emails, texts, pop ups. The key takeaway iOS is
just as exposed to these network threats as any other OS.
The platform itself doesn't inherently shield you from external network interception.

Speaker 1 (07:03):
That's a really crucial point. We often focus too much
on just the device, So what about those device level threats? Then?
Beyond the apps and the network.

Speaker 2 (07:11):
Device level threats are also significant, though. Yeah, they often
need more attacker resources and time, even with Apple patching quickly.
Security holes are found in iOS regularly, no once they're public.
Exactly once an OS vulnerability is disclosed, attackers can target
devices that haven't been updated yet, potentially gaining deep access
to data. We saw this with the Pegasus spyware a
few years back. I remember that it exploited three critical

(07:34):
iOS flaws to read messages, track calls, grab passwords, scoop
up app data. These exploits can be short lived because
Apple updates frequently, but when they work, they're incredibly powerful.
We've definitely seen patch frequency increase since twenty eleven. It's
a constant arms race, and beyond official OS bugs, you've
got jailbroken device exploits. That's a big risk, especially in

(07:55):
companies where maybe up to six percent of devices or
jailbroken. Removing iOS limits just weakens security, makes
it easier for bad apps, that makes sense. And lastly,
unmanaged or malicious configuration profiles. People install these for things
like VPNs, right, but a malicious profile can be set
up to route all your network traffic through the attacker server.
Total data exposure, privacy crushed.

Speaker 1 (08:17):
Okay, So if we're constantly fighting these sophisticated threats application network,
device level, each one persistent, often invisible, it really begs
the question, what's the cutting edge of defense? What tackles
these deep vulnerabilities fundamentally? And this brings us to something
significant from Apple Memory Integrity Enforcement or MIE, described as

(08:39):
a culmination of like a half decade of engineering. What
does this mean for the future of mobile security?

Speaker 2 (08:45):
Yeah, MIE is fascinating. It's being called an industry first,
always on memory safety protection. What's unique is how it
combines Apple silicon hardware with advanced OS security and its
main target sophisticated mercenary spyware, the kind that often
exploits memory safety bugs and costs millions to develop. Apple's
essentially saying this is the biggest upgrade to memory safety

(09:06):
ever in consumer operating systems. It's about building security right
into the foundation.

Speaker 1 (09:10):
That's a pretty bold claim, most significant upgrade, But you know,
security is always an arms race. MIE sounds powerful, incredibly so,
but are there theoretical limits or does this just shift
where attackers focus next? Is it a silver bullet or
just raising the bar significantly?

Speaker 2 (09:27):
That's a really sharp point, and no, it's definitely not
a complete panacea. While MIE makes memory corruption exploits vastly,
vastly harder, attackers will inevitably shift. They'll focus more on
social engineering, phishing, perhaps logic flaws and acts that aren't
related to memory safety. So MIE redefines the battlefield for
one major class of exploit, makes it much harder, but

(09:50):
the game definitely continues elsewhere. It's about a much stronger foundation,
not ending the race.

Speaker 1 (09:56):
Understood, So it raises the bar maybe quite high, but
doesn't eliminate the threat landscape entirely. Yeah, given that, can
you give us some historical context? What were the building
blocks Apple put in place before MIE?

Speaker 2 (10:06):
Apple's approach here has been broad and long term. It
includes things like encouraging development in safe languages like Swift
for new code, deploying secure memory allocators like kalloc_type
for the kernel back in iOS fifteen and its user
space equivalent xzone malloc in iOS seventeen. These allocators use
type information to arrange memory, which inherently makes many memory

(10:28):
corruption bugs much harder for attackers to exploit.

Speaker 1 (10:31):
Okay, so improvements at the allocation level.

Speaker 2 (10:33):
Exactly, and even further back, twenty eighteen, A12 Bionic chip,
Apple was first to deploy pointer authentication codes. This significantly
upped the complexity for exploits by protecting code flow integrity.
The success of PAC really showed that this deep hardware software
security integration was the way forward.

Speaker 1 (10:51):
So not just one big lead, but interconnected innovations building up.
Let's dive deeper into the tech itself. What exactly is
Arm's Memory Tagging Extension and how did Apple refine it
into EMTE for this real time defense?

Speaker 2 (11:04):
Okay? So, Arm published the original MTE spec back in
twenty nineteen. Primarily it was a hardware tool to help
developers find memory bugs.

Speaker 1 (11:11):
How's it work?

Speaker 2 (11:12):
It tags each memory allocation with a small pseudorandom secret
a tag. Hardware then checks that any access to that
memory includes the correct secret tag. If the tags don't match,
the app crashes immediately, pinpointing the bug.

Speaker 1 (11:26):
Okay, so good for debugging, right, But.

Speaker 2 (11:28):
Apple evaluated it rigorously and found that for real time
defense against sophisticated attackers, the original MTE had weaknesses potential bypasses,
so they collaborated with ARM to fix these, resulting in
the new Enhanced Memory Tagging Extension (EMTE) spec in twenty twenty two. Crucially,
Apple committed to a strictly synchronous, always on implementation that

(11:50):
demands deep hardware and OS integration to run constantly without
messing up user experience, which really sets it apart.

Speaker 1 (11:57):
That sounds like a massive undertaking getting hardware and software
to work together that seamlessly. Could you break down MIE's components?
How do they actually stop attacks? Maybe use an analogy
to make it clearer.

Speaker 2 (12:07):
Sure thing MIE rests on three main pillars. First, those
secure memory allocators we mentioned: kalloc_type, xzone malloc, WebKit's libpas.
They aren't just dumb allocators, They're smart. They use type
info to organize memory, stopping attackers from controlling where things
get allocated, which is key for exploiting use after free
or out of bounds bugs.

Speaker 1 (12:29):
Like labeled boxes in a warehouse.

Speaker 2 (12:31):
Exactly like having specific labeled boxes for different item types
makes it way harder to jam a big item in
a small box or mess with the box already reused
for something else. The second pillar is EMTE in
synchronous mode okay for buffer overflows. Picture memory blocks as
different colors red, blue, green, each with a unique secret tag.
The allocator gives neighboring blocks different tags. If code tries

(12:54):
to write past the end of a blue block into
the adjacent red one.

Speaker 1 (12:56):
The hardware sees the tag mismatch.

Speaker 2 (12:58):
Bingo, hardware sees the mismatch, blocks the access instantly,
and the OS terminates.

Speaker 1 (13:02):
The process zap in for use after.

Speaker 2 (13:05):
Free similar idea. When a memory block, say blue, is
freed and then reused for something new, it immediately gets
retagged with a new color, maybe yellow. If an attacker
later tries to use an old pointer, still pointing into
that memory with the old blue tag blocked again, blocked again.
Hardware mismatched detection and a key enhancement in EMTE is

(13:25):
closing a loophole. Now even accessing non tagged memory from
a tagged region requires knowing that region's tag. This stops
attackers bypassing protection by fiddling with non tagged global variables,
and the third pillar tag confidentiality enforcement. This is vital.
It protects the allocators and the EMTE tags themselves from

(13:46):
really advanced threats. Like what kind of threats? Things like
side channel attacks where attackers watch power use or timing
to infer secrets, or speculative execution attacks where the CPU
guesses ahead and might accidentally.

Speaker 1 (13:57):
Leak data, right, Spectre and Meltdown type vulnerabilities. Exactly.

Speaker 2 (14:02):
Apple Silicon was specifically designed so tag values cannot influence
speculative execution. That's a critical difference compared to say MTE
on Google Pixel devices, which have been shown vulnerable to
attacks like StickyTags and TikTag that leak tags via speculation.

Speaker 1 (14:18):
How else do they protect against the attacks? They.

Speaker 2 (14:20):
Frequently reseed the pseudorandom generators, making tags harder to predict
and really notably, they developed a unique low cost mitigation
for Spectre V1, a specific speculative attack, limiting its
reach so it's basically impractical for attackers to leak MTE
tag values this way. That was a huge challenge for
consumer OSes before.

Speaker 1 (14:40):
What's truly impressive here is just the sheer scale of
this engineering effort, hardware, OS, offensive security research all working together.
So what does this all mean for the attackers and
crucially for you listening as a mobile developer.

Speaker 2 (14:51):
The impact on attackers looks profound. Apple's own offensive security
team spent years from twenty twenty to twenty twenty five
trying to break MIE. Red teaming their own? Exactly. And
their findings: MIE vastly reduces the exploitation strategies available to attackers.
Exploit chains become way more expensive, much harder, more fragile.
It often snaps attacks right at the beginning. It's not

(15:13):
just fixing bugs, it's fundamentally changing the memory safety game.
Attackers hit this wall very early now, and for developers
this is really exciting. EMTE is now available to all
Apple developers, right in Xcode. It's part of a new
enhanced security feature.

Speaker 1 (15:29):
So developers can start using it now.

Speaker 2 (15:31):
Yes, you can begin testing and integrating these protections into
your own apps. Especially think about apps likely to be
entry points, social media, messaging apps, that sort of thing.
This huge investment in the A19 and A19 Pro chips,
this tight hardware-software design delivers groundbreaking security, but with
minimal performance hit, and it's totally invisible to the end user.

Speaker 1 (15:51):
We've covered a huge amount today from those persistent varied
threats facing iOS apps, including that sneaky greyware and network risks,
all the way to Apple's groundbreaking memory integrity enforcement. It
really feels like it changes the game for memory safety definitely.

Speaker 2 (16:05):
We've seen how comprehensive always on protection, deeply integrated across
hardware and software is really transforming mobile security thinking.

Speaker 1 (16:14):
So to wrap up, let's make this practical. What are
some actionable strategies for securing mobile app ecosystems?

Speaker 2 (16:21):
Okay, so, drawing from best practices for organizations where people
use iOS devices for work, implementing mobile threat defense (MTD)
solutions is really crucial. If you're actually developing or distributing
apps for iOS, Android or HarmonyOS, integrating mobile application security testing
(MAST) early and often in your development cycle is key.

(16:42):
Catch things before.

Speaker 1 (16:43):
They ship makes sense shift left exactly.

Speaker 2 (16:45):
And for publishers whose apps run on unmanaged devices maybe
out in the wild on consumer phones, using in-app protection
(IAP) is vital. Look for capabilities like shielding, run time protection,
maybe three hundred and sixty degree threat defense to stop
fraud and data theft right inside your app.

Speaker 1 (17:00):
That's incredibly practical advice, which leads us with a final
thought for you, our listener. Even with advanced platform security
like MIE making memory corruption so much harder, what else
can you, as a developer or security pro do? How
do you fortify your apps against threats targeting user behavior,
or that legitimate but excessive data collection, or maybe new

(17:22):
vulnerabilities platforms haven't covered yet. How do these powerful new
tools like MIE empower your proactive security stance in this
constantly shifting digital world.

Speaker 2 (17:32):
That's a fantastic question to ponder. Thank you for joining
us today. This episode of Upwardly Mobile API and App
Security was made possible by human research and assisted by AI.

Speaker 1 (17:41):
Until next time, stay secure,
© 2025 iHeartMedia, Inc.