9to5Mac is brought to you by Incogni: Protect your personal info from prying eyes. With Incogni, you can scrub your deeply sensitive information from data brokers across the web, including people search sites. Incogni limits your phone number, address, email, SSN, and more from circulating. Fight back against unwanted data brokers with a 30-day money back guarantee.
Apple has a reputation for prioritizing the privacy of its customers, and that commitment begins right at the chip design level.
Here’s a look at the eight layers of Apple security protecting the personal data stored on both your Apple devices and in iCloud …
1. Hardware security
Apple’s hardware security measures begin at the most basic level, with the Boot ROM found in all its chips. This is code that cannot be overwritten by anyone, not even Apple, and the company says this is what forms “the hardware root of trust.” The Boot ROM is responsible for verifying that only trusted OS software signed by Apple is allowed to load at startup.
The Secure Enclave (SE) is perhaps the best-known Apple security hardware. This is the chip used to store your device passcode or password, as well as the biometric data used for Face ID and Touch ID. Crucially, not even Apple’s own operating systems can access the data stored in the SE.
For example, when you use Face ID to unlock your iPhone, iOS asks the SE chip to verify your identity. The chip responds only with a ‘Yes’ or ‘No’ – it never reveals any of the data used to reach this conclusion. The SE chip has its own secure Boot ROM with exactly the same protections as the main processor.
Finally, user data is encrypted and decrypted on the fly using a very similar approach to the SE. Let’s say you use Touch ID on your Mac to open a locked Note. macOS asks the SE chip whether Touch ID confirmed your identity, and the chip says Yes. But it doesn’t end there: macOS still can’t access the content of the encrypted note itself, it instead asks a dedicated AES hardware engine to decrypt it.
So even within an A-series or M-series chip, there are multiple chips devoted to ensuring that not even the operating system can directly access your most sensitive data.
2. Operating system security
... continue reading