Apple engineer Ivan Krstic is scheduled to host a discussion at this year's Black Hat Conference, offering a "Behind the Scenes" look at iOS security. Black Hat is an annual event designed for the global InfoSec community, giving security professionals a place to meet up and gain training on new techniques.

According to an overview of Krstic's talk, three iOS security mechanisms will be discussed in "unprecedented technical detail," including the first public discussion of Auto Unlock, a feature new to iOS 10.

blackhat

HomeKit, Auto Unlock and iCloud Keychain are three Apple technologies that handle exceptionally sensitive user data - controlling devices (including locks) in the user's home, the ability to unlock a user's Mac from an Apple Watch, and the user's passwords and credit card information, respectively. We will discuss the cryptographic design and implementation of our novel secure synchronization fabric which moves confidential data between devices without exposing it to Apple, while affording the user the ability to recover data in case of device loss.

Krstic will also cover the Secure Enclave Processor present in iOS devices that include the iPhone 5s and later, creating a discussion around how it enabled a new approach to Data Protection key derivation and brute force rate limiting within a small TCB, and he'll cover browser-based vulnerabilities and new protective features in iOS 10 Safari.

The 2016 Black Hat Conference will take place from July 30 to August 4 at the Mandalay Bay hotel in Las Vegas, Nevada. Tickets are priced at $2,595.

Top Rated Comments

keysofanxiety Avatar
85 months ago
Well the latest version of iOS 9's jailbreak got released this week, so spare yourself a ticket because the answer is: Security ain't good.
If you can't see the distinction between a user jailbreaking and unauthorised hacking, I would question why you felt the need to comment.
Score: 11 Votes (Like | Disagree)
uroshnor Avatar
85 months ago
Jailbreaking is hacking, a malicious third party can exploit the same holes that jailbreaks use. They are, like it or not, major security holes in iOS that allow you to bypass many of the systems protections. Those quick and easy jailbreak by visiting a website can easily be a malware install.
Since Apple stopped shipping the A4 processor, there has been no way to jailbreak without :

- knowing the device passcode
- having physical control of the device, and hooking it up to a computer that is running the jailbreak installation software
- rebooting the device as part of the process

Recent jailbreaks like Pangu require 10+ exploits chained together, under the above conditions (i.e. Unlocked & paired to the "hostile" computer)

Since the A7 shipped & iOS 8, there have been no "bypass the passcode attempt counter" attacks either. (There was one for A5/A6 and iOS 8, but it was patched with iOS 9).

If you look back to an earlier time, before the A5 and before secure enclave when a web based attack like JailbreakMe.com was feasible, across all 3 versions, it was unlatch for, IIRC, a total of 67 days (40 days for the first time, 20 the second and 7 the third).

If you look at the black market prices for the buying and selling of exploits to break into devices : for iOS exploits, when they are for sale, have going prices that are 10x to 100x other platforms , and a jailbreak is worth between 1 and 4 million USD.

Pangu and TaiG are funded by the pirate App Store market in China and have a comparable research budget to that.

So yes, the methods used in a jailbreak might enable malware , and might enable drive-by infestation, but in general Apple has gotten things to a point where in order to jailbreak you already have access to all the info on a phone. That's not ideal, but it's far from awful, and vastly better than 99% of Android devices and other platforms.
Score: 7 Votes (Like | Disagree)
keysofanxiety Avatar
85 months ago
Jailbreaking is hacking, a malicious third party can exploit the same holes that jailbreaks use.
Name one example of that, which has happened without user authorisation.
Score: 3 Votes (Like | Disagree)
smacrumon Avatar
85 months ago
I wish Apple would get more into the "behind the scenes" look of its technology at its keynotes as it used to in the past. In more recent keynotes, the unveilings have been more superficial and a little too sales pitchy IMHO.
Score: 3 Votes (Like | Disagree)
stepmuel Avatar
85 months ago
I wish Apple would get more into the "behind the scenes" look of its technology at its keynotes as it used to in the past.
Google "ios security white paper" and you'll get a PDF that is most likely exactly what the Apple engineer will talk about.

On https://developer.apple.com/videos/ you'll find all the technical "behind the scenes" videos. I recommend "Platform State of the Union" for a good overview.
Score: 2 Votes (Like | Disagree)
C DM Avatar
85 months ago
The iPhone 5s has a secure enclave? I did not know that.
Isn't that basically associated with TouchID and 64-bit architecture (both of which started out with 5s)?
Score: 1 Votes (Like | Disagree)

Popular Stories

Apple Silicon Teal Feature

The Next Big Apple Silicon Device May Not Be a Mac or iPad

Wednesday February 1, 2023 3:57 am PST by
Apple's next device with an Apple silicon chip may not be a Mac or an iPad, but rather an advanced external display, according to recent reports. The display, which is rumored to arrive this year, is expected to sit somewhere between the $1,599 Studio Display and the $4,999 Pro Display XDR – but more exact information about the device's positioning and price point is as yet unknown. While ...
General iOS 16 Feature Yellow

Five New iOS Features Coming to Your iPhone Later This Year

Tuesday January 31, 2023 11:58 am PST by
Apple has previously announced several upcoming iOS features that are expected to be added to the iPhone this year. Some of the features could be introduced with iOS 16.4, which should enter beta testing soon, while others will arrive later in the year. Below, we have recapped five new iOS features that are expected to launch in 2023, such as an Apple Pay Later financing option for purchases ...
HomePod 2 White and Midnight Feature Purple Blue

Apple Explains Why HomePod Was Released Again, Wi-Fi 4 Limitation, and More

Thursday February 2, 2023 7:57 am PST by
Apple's VP of hardware engineering Matthew Costello and product marketing employee Alice Chan recently spoke with Men's Journal and TechCrunch about the new second-generation HomePod in wide-ranging interviews about the smart speaker. Apple discontinued the original full-size HomePod in March 2021 after multiple reports indicated that sales of the speaker were lackluster, but Chan told Men's ...
iOS 16

Apple Preparing iOS 16.3.1 Update for iPhone as Wait for iOS 16.4 Beta Continues

Thursday February 2, 2023 6:41 am PST by
Apple appears to be preparing an iOS 16.3.1 update for the iPhone, based on evidence of the software in our website's analytics logs this week. It's unclear when the update will be released, but it will likely be available at some point in February. The same logs have accurately foreshadowed the release of several previous updates, including iOS 16.0.3 and iOS 16.1.1 most recently, so they...
dewey airtag

Report Highlights Danger of Using AirTags for Tracking Dogs

Monday January 30, 2023 1:45 pm PST by
AirTags may be a convenient way for tracking dogs that might get off leash or otherwise lost, but there are dangers associated with the practice, as outlined by a report from The Wall Street Journal. At 1.26 inches in diameter, AirTags are able to fit easily on a dog's collar, but that size also makes the tracking devices small enough to swallow, at least for a medium to large-sized dog, and ...
MKBHD HomePod 2 White Ring Stain

New HomePod Can Still Stain Some Wooden Surfaces

Tuesday January 31, 2023 8:29 am PST by
When the original HomePod launched in 2018, it was discovered that the speaker can leave white rings on some wooden surfaces. Now, well-known YouTuber Marques Brownlee has confirmed that the issue persists to a lesser extent with the new HomePod. In a side-by-side test, he showed that the white second-generation HomePod left a white ring on the wooden surface that he placed the speaker on,...
Multi Display CarPlay 1

Apple Launching All-New CarPlay Experience Later This Year With These 5 Features

Sunday January 29, 2023 10:15 am PST by
In June 2022, Apple previewed the next generation of CarPlay, promising deeper integration with vehicle functions like A/C and FM radio, support for multiple displays across the dashboard, personalization options, and more. Apple says the first vehicles with support for the next-generation CarPlay experience will be announced in late 2023, with committed automakers including Acura, Audi,...
iOS 16

When Will the iOS 16.4 Beta Be Released?

Wednesday February 1, 2023 11:09 am PST by
It's been more than a week since Apple released the iOS 16.3 update, and typically, new iOS betas follow launches within a day or so. We were expecting Apple to provide the first beta iOS 16.4 on Monday, Tuesday or Wednesday of this week, but that hasn't happened. Tuesdays are the days that we most often see betas, though Monday and Wednesday happen now and then, and most often betas come...