Full Video of Apple Engineer's Black Hat Security Talk Now Available - MacRumors
Skip to Content

Full Video of Apple Engineer's Black Hat Security Talk Now Available

by

Earlier this month, Apple's head of security engineering Ivan Krstic gave a talk at the Black Hat Conference, an annual event designed for the global InfoSec community. During the event, Krstic spoke about Apple security and unveiled the company's new bug bounty program.

Krstic's briefing is now available in full on YouTube, shared this morning on the Black Hat YouTube channel in a video entitled "Behind the Scenes of iOS Security."


In the talk, Krstic covers three major iOS security mechanisms -- HomeKit, Auto Unlock, and iCloud Keychain -- in "unprecedented technical detail," along with other iOS security measures.

HomeKit, Auto Unlock and iCloud Keychain are three Apple technologies that handle exceptionally sensitive user data - controlling devices (including locks) in the user's home, the ability to unlock a user's Mac from an Apple Watch, and the user's passwords and credit card information, respectively. We will discuss the cryptographic design and implementation of our novel secure synchronization fabric which moves confidential data between devices without exposing it to Apple, while affording the user the ability to recover data in case of device loss.

Data Protection is the cryptographic system protecting user data on all iOS devices. We will discuss the Secure Enclave Processor present in iPhone 5S and later devices and explain how it enabled a new approach to Data Protection key derivation and brute force rate limiting within a small TCB, making no intermediate or derived keys available to the normal Application Processor.

Traditional browser-based vulnerabilities are becoming harder to exploit due to increasingly sophisticated mitigation techniques. We will discuss a unique JIT hardening mechanism in iOS 10 that makes the iOS Safari JIT a more difficult target.

The most notable moment of Krstic's briefing features the unveiling of Apple's first ever bug bounty program, which will see the company paying out up to $200,000 to researchers who discover vulnerabilities in Apple software. Apple's bug bounty program, initially limited to a few dozen researchers, launches this September.

Popular Stories

apple price hike

Apple Just Increased Prices on MacBooks, iPads, and More

Thursday June 25, 2026 5:44 am PDT by
Apple today dramatically increased device prices across multiple product lines. Subscribe to the MacRumors YouTube channel for more videos. After temporarily taking it down earlier today, Apple's online store is back up with a series of product price increases. The changes are as follows: HomePod mini: $129, up from $99 (+$30) HomePod: $349, up from $299 (+$50) Apple TV: $199, up from...
Read Full Article946 comments
Apple Up Arrow Fearture

Apple Explains Why It Raised Prices on 14 Products Today

Thursday June 25, 2026 10:42 am PDT by
Apple today raised prices on many of its products, including all Macs and iPads, as well as the Apple TV, HomePod, HomePod mini, and Vision Pro. We shared a list of the price increases, which range from $30 for the HomePod mini to up to $1,300 for the Mac Studio. iPhone, Apple Watch, and AirPods prices have not changed, at least for now. In a statement shared with MacRumors, Apple said it...
Read Full Article300 comments
Mac Studio Feature

M5 Ultra Mac Studio Could Launch in 2026 With Up to 768GB of RAM

Thursday June 25, 2026 2:30 pm PDT by
Despite price increases across the Mac line, Apple is still planning to release a new Mac Studio as soon as this year, reports Bloomberg. Apple plans to introduce a new M5 Ultra chip as the final option in the M5 family before it transitions to the M6, M7, M7 Pro, and M7 Max. The M5 Ultra will come in a new version of the Mac Studio, which hasn't been updated since March 2025. The Mac...
Read Full Article158 comments

Top Rated Comments

iTom17 Avatar
iTom17
129 months ago
I don't understand most of it either, but it's pretty fun to see how serious Apple is about system security.

I'm currently doing network administration, where network security is one of the topics we learn about. May not be on a big scale, but I actually like this whole subject. And I'm planning on doing something with security engineering after this.

So I may not understand 99% of this, it's just fun to watch. :p


By the way, here are the presentation slide: https://www.blackhat.com/docs/us-16/materials/us-16-Krstic.pdf
Score: 6 Votes (Like | Disagree)
69Mustang Avatar
69Mustang
129 months ago
Sure, compared to whom?

And who takes security+privacy as seriously?

Who has an executive team that can axe marketable features for privacy reasons, that not even 1% of people gives a damn?
Calm down dude. It was just a sarcastic joke in response to another quote.
Score: 5 Votes (Like | Disagree)
akfgpuppet Avatar
akfgpuppet
129 months ago
....and I understood like 5% of what he was talking about.
Score: 5 Votes (Like | Disagree)
CarlJ Avatar
CarlJ
129 months ago
Apple's password to unlock everything is 12345. Try it out!
I've got that same combination on my luggage!
[doublepost=1471416518][/doublepost]
RIP Jailbreak.
If the choice is between security that vexes even governments, and wacky add-ons, I'll take the security every day and twice on Sunday.
Score: 4 Votes (Like | Disagree)
yaxomoxay Avatar
yaxomoxay
129 months ago
but ios requires 6 numbers by default.
That's the trick that Cue designed. Everyone's is going for the six digits!
Score: 4 Votes (Like | Disagree)
pat500000 Avatar
pat500000
129 months ago
The only thing I understood is "Thanks for coming" part.
Score: 4 Votes (Like | Disagree)
Read All Comments