Organisations at risk from lack of Apple security skills

Hal Pomeranz, technical lead at Deer Run Associates, believes there remains a major shortage of forensics investigators with Apple skills

A major shortage of forensic investigators with Apple skills could put companies at risk.

Hal Pomeranz, founder and technical lead of Deer Run Associates, believes there remains a major shortage of forensics investigators with skills around Apple-based technologies.

Although applications should only be able to run on Apple systems if they have been approved by Apple, there have been a number of instances where security researchers demonstrated how to circumvent Apple security.

In August 2013 a team of researchers at the University of Georgia published a paper showing how an app containing hidden malicious code passed Apple’s app review process. The app communicated using an encrypted protocol to bypass Apple’s security.

In 2011, ex-NSA security researcher Charles Miller created a fake stock ticker app for the iPhone that was approved by Apple.


Among the challenges for security experts coming from a Windows background is that Mac OS X is based on BSD Unix. There is also a lack of cross-platform security tools that work on both operating systems.

Pomeranz said: "Most investigators will come across an Apple or iOS device at some point in their careers and there are some major differences compared to Windows machines that are essential to understand to allow for successful forensics and evidence collection."

"Apple does not release a great deal of information around its operating systems and this effectively assembles a lot of the insights and tools that researchers have gathered into a single source to help students quickly build skills that can be used in the real world."

The SANS Institute is running a course on Mac Forensic Analysis on September 8 2014, which aims to introduce Windows experts to digital forensics on Apple platforms such as Mac OS and iOS.
