Apple engineer Ivan Krstic is scheduled to host a discussion at this year's Black Hat Conference, offering a "Behind the Scenes" look at iOS security. Black Hat is an annual event designed for the global InfoSec community, giving security professionals a place to meet up and gain training on new techniques.

According to an overview of Krstic's talk, three iOS security mechanisms will be discussed in "unprecedented technical detail," including the first public discussion of Auto Unlock, a feature new to iOS 10.

blackhat

HomeKit, Auto Unlock and iCloud Keychain are three Apple technologies that handle exceptionally sensitive user data - controlling devices (including locks) in the user's home, the ability to unlock a user's Mac from an Apple Watch, and the user's passwords and credit card information, respectively. We will discuss the cryptographic design and implementation of our novel secure synchronization fabric which moves confidential data between devices without exposing it to Apple, while affording the user the ability to recover data in case of device loss.

Krstic will also cover the Secure Enclave Processor present in iOS devices that include the iPhone 5s and later, creating a discussion around how it enabled a new approach to Data Protection key derivation and brute force rate limiting within a small TCB, and he'll cover browser-based vulnerabilities and new protective features in iOS 10 Safari.

The 2016 Black Hat Conference will take place from July 30 to August 4 at the Mandalay Bay hotel in Las Vegas, Nevada. Tickets are priced at $2,595.

Top Rated Comments

keysofanxiety Avatar
79 months ago
Well the latest version of iOS 9's jailbreak got released this week, so spare yourself a ticket because the answer is: Security ain't good.
If you can't see the distinction between a user jailbreaking and unauthorised hacking, I would question why you felt the need to comment.
Score: 11 Votes (Like | Disagree)
uroshnor Avatar
79 months ago
Jailbreaking is hacking, a malicious third party can exploit the same holes that jailbreaks use. They are, like it or not, major security holes in iOS that allow you to bypass many of the systems protections. Those quick and easy jailbreak by visiting a website can easily be a malware install.
Since Apple stopped shipping the A4 processor, there has been no way to jailbreak without :

- knowing the device passcode
- having physical control of the device, and hooking it up to a computer that is running the jailbreak installation software
- rebooting the device as part of the process

Recent jailbreaks like Pangu require 10+ exploits chained together, under the above conditions (i.e. Unlocked & paired to the "hostile" computer)

Since the A7 shipped & iOS 8, there have been no "bypass the passcode attempt counter" attacks either. (There was one for A5/A6 and iOS 8, but it was patched with iOS 9).

If you look back to an earlier time, before the A5 and before secure enclave when a web based attack like JailbreakMe.com was feasible, across all 3 versions, it was unlatch for, IIRC, a total of 67 days (40 days for the first time, 20 the second and 7 the third).

If you look at the black market prices for the buying and selling of exploits to break into devices : for iOS exploits, when they are for sale, have going prices that are 10x to 100x other platforms , and a jailbreak is worth between 1 and 4 million USD.

Pangu and TaiG are funded by the pirate App Store market in China and have a comparable research budget to that.

So yes, the methods used in a jailbreak might enable malware , and might enable drive-by infestation, but in general Apple has gotten things to a point where in order to jailbreak you already have access to all the info on a phone. That's not ideal, but it's far from awful, and vastly better than 99% of Android devices and other platforms.
Score: 7 Votes (Like | Disagree)
keysofanxiety Avatar
79 months ago
Jailbreaking is hacking, a malicious third party can exploit the same holes that jailbreaks use.
Name one example of that, which has happened without user authorisation.
Score: 3 Votes (Like | Disagree)
smacrumon Avatar
79 months ago
I wish Apple would get more into the "behind the scenes" look of its technology at its keynotes as it used to in the past. In more recent keynotes, the unveilings have been more superficial and a little too sales pitchy IMHO.
Score: 3 Votes (Like | Disagree)
stepmuel Avatar
79 months ago
I wish Apple would get more into the "behind the scenes" look of its technology at its keynotes as it used to in the past.
Google "ios security white paper" and you'll get a PDF that is most likely exactly what the Apple engineer will talk about.

On https://developer.apple.com/videos/ you'll find all the technical "behind the scenes" videos. I recommend "Platform State of the Union" for a good overview.
Score: 2 Votes (Like | Disagree)
C DM Avatar
79 months ago
The iPhone 5s has a secure enclave? I did not know that.
Isn't that basically associated with TouchID and 64-bit architecture (both of which started out with 5s)?
Score: 1 Votes (Like | Disagree)

Popular Stories

ios 16 beta 5 battery percent

iOS 16 Beta 5: Battery Percentage Now Displayed in iPhone Status Bar

Monday August 8, 2022 10:43 am PDT by
With the fifth beta of iOS 16, Apple has updated the battery icon on iPhones with Face ID to display the specific battery percentage rather than just a visual representation of battery level. The new battery indicator is available on iPhone 12 and iPhone 13 models, with the exception of the 5.4-inch iPhone 12/13 mini. It is also available on the iPhone 11 Pro and Pro Max, XS and XS Max, and...
iPhone 14 Lineup Feature Purple

Color Options for All iPhone 14 Models: Everything We Know

Monday August 8, 2022 3:59 am PDT by
The iPhone 14 and iPhone 14 Pro models are rumored to be available in a refreshed range of color options, including an all-new purple color. Most expectations about the iPhone 14 lineup's color options come from an unverified post on Chinese social media site Weibo earlier this year. Overall, the iPhone 14 and iPhone 14 Pro's selection of color options could look fairly similar to those of the ...
iOS 16 battery percentage

Apple Limiting iOS 16 Beta 5 Battery Percentage Display to Select iPhones: Here Are the Supported Devices

Tuesday August 9, 2022 2:51 am PDT by
Apple this week brought back one of the most highly requested features from iOS users since the launch of the iPhone X in 2017: the ability to see your battery percentage directly in the status bar. Ever since the launch of the iPhone X with the notch, Apple has not allowed users to show their battery percentage directly in the status bar, forcing them to swipe down into Control Center to...
ios 16 battery indicator 2

Everything New in iOS 16 Beta 5: Battery Percentage in Status Bar, Find My Changes and More

Monday August 8, 2022 12:53 pm PDT by
Apple today seeded the fifth beta of iOS 16 to developers for testing purposes, introducing some small but notable changes to the iOS operating system. Subscribe to the MacRumors YouTube channel for more videos. We've rounded up everything new in the fifth beta below. Battery Percentage in Status Bar The battery icon in the status bar now displays the exact battery percent, a feature that ...
iphone 14 pro max camera bump compared lipilipsi 16 9

Bigger iPhone 14 Pro Max Camera Bump Shown Alongside iPhone 13 Pro Max

Monday August 8, 2022 4:33 am PDT by
The camera bump on the upcoming iPhone 14 Pro Max is expected to be the largest rear lens housing Apple has ever installed on its flagship smartphones, and a new photo offers a rare glimpse at just how prominent it is compared to Apple's predecessor device. iPhone 14 Pro Max dummy (left) vs iPhone 13 Pro Max All iPhone 14 models are expected to see upgrades to the Ultra Wide camera on the...
cook sept 2020 event

Gurman: Apple Preparing Pre-Recorded iPhone 14 and Apple Watch Series 8 Event

Sunday August 7, 2022 6:13 am PDT by
Apple has "started to record" its virtual September event, where it's expected to announce the upcoming iPhone 14 lineup, the Apple Watch Series 8, and a new "rugged" Apple Watch model, according to Bloomberg's Mark Gurman. Writing in his latest Power On newsletter, Gurman says the event, which is expected to take place in the early part of September, is already under production, implying...
airpods pro black background

Beyond iPhone 14: Five Apple Products Expected to Launch Later This Year

Monday August 8, 2022 9:43 am PDT by
While the iPhone 14 and Apple Watch Series 8 are expected to be announced in September as usual, there are several more Apple products rumored to launch later this year, including new iPad and Mac models and more. Beyond the iPhone and Apple Watch, we've put together a list of five Apple products that are most likely to be unveiled by the end of 2022. Second-Generation AirPods Pro Apple...