According to an overview of Krstic's talk, three iOS security mechanisms will be discussed in "unprecedented technical detail," including the first public discussion of Auto Unlock, a feature new to iOS 10.
HomeKit, Auto Unlock and iCloud Keychain are three Apple technologies that handle exceptionally sensitive user data - controlling devices (including locks) in the user's home, the ability to unlock a user's Mac from an Apple Watch, and the user's passwords and credit card information, respectively. We will discuss the cryptographic design and implementation of our novel secure synchronization fabric which moves confidential data between devices without exposing it to Apple, while affording the user the ability to recover data in case of device loss.Krstic will also cover the Secure Enclave Processor present in iOS devices that include the iPhone 5s and later, creating a discussion around how it enabled a new approach to Data Protection key derivation and brute force rate limiting within a small TCB, and he'll cover browser-based vulnerabilities and new protective features in iOS 10 Safari.
The 2016 Black Hat Conference will take place from July 30 to August 4 at the Mandalay Bay hotel in Las Vegas, Nevada. Tickets are priced at $2,595.