
Apple’s security trumps Microsoft and Twitter’s, say feds

Apple has long held a reputation for rock-solid security, and now the U.S. government seemingly agrees after praising the company for its security procedures. At the same time, the feds have suggested Microsoft and Twitter need to pull their socks up and make their products much more secure for their users, according to CNBC.

In a speech given at Carnegie Mellon University, Cybersecurity and Infrastructure Security Agency Director Jen Easterly pointed to Apple as a company that took security and accountability seriously, and suggested other companies should take note.

Easterly gave the example of Apple’s iCloud security practices, which enable multi-factor authentication (MFA) by default. As a result, 95% of iCloud users have MFA switched on, greatly improving security.

Multi-factor authentication requires a second proof of identity on top of the password, commonly a unique code sent to a separate device from the one that is attempting to log in, which can help to thwart hackers who may have gained access to a single device. Easterly said the high rate of iCloud MFA adoption was due to Apple’s proactive approach of “taking ownership for the security outcomes of their users.”

In contrast, Easterly said that companies like Microsoft and Twitter had much lower rates of MFA adoption (only 3% of users in Twitter’s case) and that this was “disappointing.”

‘Radical transparency’

Microsoft and Twitter received praise for at least disclosing how many of their users had MFA enabled, even if it didn’t look great for the companies involved. “By providing radical transparency around MFA adoption, these organizations are helping shine a light on the necessity of security by default,” Easterly explained. “More should follow their lead.”

That said, Twitter has just hidden SMS security authentication behind its Twitter Blue paywall, which could be seen as a backward step when it comes to making your Twitter account more secure. You can still enable Twitter MFA using a third-party authenticator app, though, which is more secure than SMS authentication anyway.

Aside from that, Easterly touched on the idea of new legislation, which should “prevent technology manufacturers from disclaiming liability by contract,” she said. Its goals should also include “establishing higher standards of care for software in specific critical infrastructure entities, and driving the development of a safe harbor framework to shield from liability companies that securely develop and maintain their software products and services.”

Apple’s security prowess doesn’t just come from its enabling MFA by default. Apps are sandboxed so they can’t access critical parts of the operating system, while Apple chips contain a secure enclave to handle sensitive data. It looks like those protections and more convinced the U.S. government that Apple was worth singling out for praise.

Alex Blake