Why are Apple Computers Hard to Hack

No chance for hackers on the Mac!

The Mac and iPhone are generally considered to be extremely secure. Users often believe that viruses and serious vulnerabilities do not exist in Apple devices. Unfortunately, this assumption is simply wrong. Although macOS and iOS devices are less likely to be the target of hackers, they have also been affected by security vulnerabilities and bugs, especially recently. So take some time to read through this guide, which will give you all the information you need to keep your Apple fleet safe. And that both online and offline. Learn how to neutralize threats and make things harder for hackers.

Apple and security

Despite its long-standing reputation for seamless security, Apple has had to admit a number of embarrassing security concerns in the recent past. As a result, Apple's good reputation is crumbling.

For example, there have been several cases of simple text messages that crashed iPhones because they contained a glyph that the phone couldn't handle. Also, it has been found that the so-called root user on your Mac is easily accessible without a password, which can be a real threat to your computer as this user has all the rights to the system. And the Meltdown and Specter vulnerabilities showed that the Mac hardware is nowhere near infallible (although those vulnerabilities also affected Windows).

Apple does a lot for security

In fact, the most recent security risks were, in a sense, exceptions to the rule of Apple security. The fact that they preoccupied the news world for some time was due in part to the rarity of such serious attacks on Macs and iOS devices. However, it is still true that as an Apple user you are generally much more resistant to hacks, exploits and vulnerabilities than your friends on Android and Windows. To keep it that way, Apple is constantly working on its security functions.

The sandpit principle

One of the reasons for the improved security of Apple devices is the way macOS treats and installs apps, for example. Each app is there in what is known as a sandbox, which means that its permissions are severely limited to ensure that it only behaves as you expect it to. This makes it much more difficult for malicious code to exploit applications and put your computer at risk.

You can also see which apps can access certain areas of your computer very quickly and easily. For example, go to System Preferences> Security> Privacy> Location Services to see which applications are accessing your current location. The same information is available on the iPhone under “Settings”> “Data protection”> “Location services”.

Although they're both intended as convenience features as well, rather than just security features, Face ID and Touch ID are still very secure. This is partly due to the integrated "Secure Enclave", an isolated hardware area to protect your fingerprints and facial data.

This does not save the data as an image, but as a mathematical model that cannot be calculated back. The data is encrypted, stays on the device and is not sent to Apple.

The newer MacBook Pro models also have a Touch ID sensor integrated into the Touch Bar. This is powered by a special T1 chip on which the Secure Enclave sits.

The iMac Pro eventually introduced the T2 chip, Apple's second generation secure processor. It enables new encrypted storage and secure boot functions in the iMac Pro and processes things like the image signal processor of the FaceTime HD camera at the same time. It is much more difficult for attackers.

Increase security even further

While Apple has put a lot of work into making macOS and iOS secure, there are still many things you can do yourself to make your devices more secure. Over the next few pages, we will walk you through the most important steps to improve the security of your Mac, iPhone, and iPad and show you the most important settings.

Securing your Mac: Simple but effective settings

One of the main advantages of macOS is the multitude of built-in security features of the system. From FileVault to Gatekeeper, Apple has features that can stop threats before they become dangerous.

In general, you should stick to downloading Mac applications from the Mac App Store. But sometimes you might want to download an app from a third party that you trust. Apple can give developers a unique ID for their apps - Gatekeeper uses this to identify legitimate apps and block others without an ID.

Another useful feature is FileVault. This enables macOS to automatically encrypt your Mac's startup disk, preventing unauthorized access by malicious actors to important areas of your computer.

You should also always protect your Mac with a strong password that you won't use anywhere else.

It's also a good idea to create two user accounts. A standard account for daily use and an admin account. If malware has lodged in your standard account, it has fewer rights and can cause less damage. If an admin account is affected, there is greater danger.

Secure iPhone and iPad

What about iOS and security functions? As early as March 2018, news of a mysterious box called GrayKey surfaced. This is intended to give everyone access to the content of an iOS device, regardless of whether it is locked or not.

Although the device is intended for law enforcement use, it highlights an issue that is relevant to everyone: weak device passwords can be a real security issue. That's because GrayKey has reportedly used a “brute force attack” to try the target device's password until it finds the correct one and gains access.

The security researcher Matthew Green from the Johns Hopkins Institute for IT security therefore advises increasing the length of your password (as well as the use of alphanumeric characters).

According to his calculations, GrayKey (or other brute force attacks) would take an average of 12 years to crack a ten-digit password. With a four-digit code, on the other hand, it only takes 6.5 minutes on average.

App store downloads

As a further security measure, iOS only allows the installation of apps from the App Store. There is no way to install applications from third party websites like there is on a Mac.

You can change the device code in “Settings”> “Face / Touch ID & Code”. Tap on “Code Options” for further options.

Tap Custom Alphanumeric Code to enter a password using letters, numbers, and symbols. Upper and lower case letters are also possible.

If you prefer to stick to numbers, select the item "Own numeric code". This can be longer than six characters.

The last option allows you to switch to a four-digit code. However, we would no longer recommend such a short code.

What you can do

  • Download apps: Only download apps from the App Store or directly from Apple-approved developers. Do not run other applications unless you trust the source 100 percent.
  • Password length: Do not use four-digit passwords on iOS. Instead, use eight or more characters and add numbers, special characters, and capital letters.
  • Password manager: Use Safari's suggested passwords or a password manager such as LastPass. Also, do not use passwords that can easily be associated with you.
  • Admin account: Do not use the admin account for daily work on the Mac, but instead create your own standard account without activated admin rights.
  • Authentication: Activate two-factor authentication on websites and for your Apple ID in order to receive a second level of security in addition to the password.
  • System updates: Always download the latest macOS and iOS updates to always receive all bug fixes from Apple and to close security gaps early on.
  • Traffic light: Browser extensions can alert you to suspicious websites. If you're using Safari, give Trafficlight a try.
  • Don't get complacent: Using a Mac or iPhone doesn't make you invulnerable. Always take precautionary measures and inform yourself about current threats and risks.

You've probably heard of Specter and Meltdown, as they were hard to miss on the January 2018 news. Both are serious vulnerabilities that affect a large number of modern processors, including all modern Macs, iPhones, and iPads.

Both vulnerabilities can be patched, but Specter is more difficult to fix. In order to prevent these weak points in the future, the processors have to be designed differently. Fortunately, Intel, AMD, and ARM are committed to doing just that.

Apple quickly fixed the vulnerabilities and released updates for macOS 10.13.2, iOS 11.2 and tvOS 11.2. You should use these or newer versions.

Apple ID and iCloud

Transfer data securely: The iCloud is the storage location for your notes, photos, memories and many more. It is therefore not surprising that Apple attaches great importance to security there and, for example, automatically encrypts all stored data.

To make your iCloud account even more secure, you can activate two-factor authentication (2FA). As soon as it is activated, in addition to the password, you also have to enter a code, which you can see on your iPhone or Mac, for example. This has the decisive advantage that a hacker can no longer do anything with your password alone. In order to penetrate your iCloud, he also needs access to your iPhone or Mac, which makes the whole thing much more difficult.

In addition to this method, Apple also offers other security tools that you can use. For example, the keychain management, Apple's integrated password manager, helps you to keep track of passwords, credit card information and WLAN access. The keychain management data is synchronized via the iCloud and is available on all your Apple devices. All data is encrypted by Apple, both on your devices and in transit, to ensure that it cannot get into the hands of third parties. Because these features are deeply built into Apple's systems, they are free and easy to use.

Apple under fire

Apple's reputation for security has suffered quite a bit in the past year or two. Among other things, due to an error affecting the macOS root user account. This account could be accessed and used by anyone with extensive user rights by simply entering the user name “root” followed by an empty password in the login window of a Mac and then repeatedly pressing the Enter key. Strangers could take over the Mac without any great IT knowledge.

In 2015 and 2016, Apple was at the center of a dispute with the FBI when they refused to unlock an iPhone used by the perpetrator of the San Bernardino shooting. Apple argued that doing so would weaken the security of all iPhones and create a back door.

The App Store was also criticized because counterfeit and exploitative apps often appeared at the top of the iOS search results in the App Store search results.

Secure websites as well

Many websites offer you the opportunity to better secure your accounts: The operators of websites are also increasingly protecting themselves against security threats and offer you the option of using two-factor authentication, for example on Facebook, Twitter or Amazon. This makes it much more difficult for hackers to take over your social network accounts or to order goods from Amazon at your own expense. In the boxes below we explain how to activate the function there.

In addition, many browsers offer more and more security functions. For example, Safari now offers content blockers that can stop malicious code (like malware) on your Mac or iOS device.

Another great way to keep the websites you visit safe is by using an extension like Trafficlight from the online security company Bitdefender. As the name suggests, the tool uses a traffic light system to quickly show you which websites are safe.

Ideally, you should also use a different password for each website you use. This can get complicated in practice, but Safari can help you by suggesting strong passwords and automatically saving them for you. So you don't have to write memos and memorize hundreds of passwords.

  • Facebook: Click on the little arrow in the upper right corner and then on "Settings". Click on "Security and Login" on the left, then on "Edit next to" Set up two-step authentication ". Click on “Let's go” and follow the instructions.
  • Twitter: Click on your profile picture in the upper right corner and then on "Settings and privacy". Click Set Up Sign In Confirmation, then click Start. After the setup, Twitter will now send a code via SMS, which is required for registration.
  • Amazon: Open the account settings and click on “Sign in and security”. Click Edit next to Advanced Security Settings, then click Get Started next to Two-Step Verification. Follow the instructions.

You've probably heard of Specter and Meltdown, as they were hard to miss on the January 2018 news. Both are serious vulnerabilities that affect a large number of modern processors, including all modern Macs, iPhones, and iPads.

Both vulnerabilities can be patched, but Specter is more difficult to fix. In order to prevent these weak points in the future, the processors have to be designed differently. Fortunately, Intel, AMD, and ARM are committed to doing just that.

Apple quickly fixed the vulnerabilities and released updates for macOS 10.13.2, iOS 11.2 and tvOS 11.2. You should use these or newer versions.

You can change the device code in “Settings”> “Face / Touch ID & Code”. Tap on “Code Options” for further options.

Tap Custom Alphanumeric Code to enter a password using letters, numbers, and symbols. Upper and lower case letters are also possible.

If you prefer to stick to numbers, select the item "Own numeric code". This can be longer than six characters.

The last option allows you to switch to a four-digit code. However, we would no longer recommend such a short code.

Although they're both intended as convenience features as well, rather than just security features, Face ID and Touch ID are still very secure. This is partly due to the integrated "Secure Enclave", an isolated hardware area to protect your fingerprints and facial data.

This does not save the data as an image, but as a mathematical model that cannot be calculated back. The data is encrypted, stays on the device and is not sent to Apple.

The newer MacBook Pro models also have a Touch ID sensor integrated into the Touch Bar. This is powered by a special T1 chip on which the Secure Enclave sits.

The iMac Pro eventually introduced the T2 chip, Apple's second generation secure processor. It enables new encrypted storage and secure boot functions in the iMac Pro and processes things like the image signal processor of the FaceTime HD camera at the same time. It is much more difficult for attackers.

Workshop: Six steps to a secure Mac

Workshop: The second factor for the iCloud