Full Video of Apple Engineer's Black Hat Security Talk Now Available

Earlier this month, Apple's head of security engineering Ivan Krstic gave a talk at the Black Hat Conference, an annual event designed for the global InfoSec community. During the event, Krstic spoke about Apple security and unveiled the company's new bug bounty program.

Krstic's briefing is now available in full on YouTube, shared this morning on the Black Hat YouTube channel in a video entitled "Behind the Scenes of iOS Security."


In the talk, Krstic covers three major iOS security mechanisms -- HomeKit, Auto Unlock, and iCloud Keychain -- in "unprecedented technical detail," along with other iOS security measures.

HomeKit, Auto Unlock and iCloud Keychain are three Apple technologies that handle exceptionally sensitive user data - controlling devices (including locks) in the user's home, the ability to unlock a user's Mac from an Apple Watch, and the user's passwords and credit card information, respectively. We will discuss the cryptographic design and implementation of our novel secure synchronization fabric which moves confidential data between devices without exposing it to Apple, while affording the user the ability to recover data in case of device loss.

Data Protection is the cryptographic system protecting user data on all iOS devices. We will discuss the Secure Enclave Processor present in iPhone 5S and later devices and explain how it enabled a new approach to Data Protection key derivation and brute force rate limiting within a small TCB, making no intermediate or derived keys available to the normal Application Processor.

Traditional browser-based vulnerabilities are becoming harder to exploit due to increasingly sophisticated mitigation techniques. We will discuss a unique JIT hardening mechanism in iOS 10 that makes the iOS Safari JIT a more difficult target.

The most notable moment of Krstic's briefing features the unveiling of Apple's first ever bug bounty program, which will see the company paying out up to $200,000 to researchers who discover vulnerabilities in Apple software. Apple's bug bounty program, initially limited to a few dozen researchers, launches this September.

Top Rated Comments

(View all)
Avatar
54 months ago
I don't understand most of it either, but it's pretty fun to see how serious Apple is about system security.

I'm currently doing network administration, where network security is one of the topics we learn about. May not be on a big scale, but I actually like this whole subject. And I'm planning on doing something with security engineering after this.

So I may not understand 99% of this, it's just fun to watch. :p


By the way, here are the presentation slide: https://www.blackhat.com/docs/us-16/materials/us-16-Krstic.pdf
Score: 6 Votes (Like | Disagree)
Avatar
54 months ago
....and I understood like 5% of what he was talking about.
Score: 5 Votes (Like | Disagree)
Avatar
54 months ago

Sure, compared to whom?

And who takes security+privacy as seriously?

Who has an executive team that can axe marketable features for privacy reasons, that not even 1% of people gives a damn?

Calm down dude. It was just a sarcastic joke in response to another quote.
Score: 5 Votes (Like | Disagree)
Avatar
54 months ago
The only thing I understood is "Thanks for coming" part.
Score: 4 Votes (Like | Disagree)
Avatar
54 months ago

but ios requires 6 numbers by default.

That's the trick that Cue designed. Everyone's is going for the six digits!
Score: 4 Votes (Like | Disagree)
Avatar
54 months ago

Apple's password to unlock everything is 12345. Try it out!

I've got that same combination on my luggage!
[doublepost=1471416518][/doublepost]

RIP Jailbreak.

If the choice is between security that vexes even governments, and wacky add-ons, I'll take the security every day and twice on Sunday.
Score: 4 Votes (Like | Disagree)

Top Stories

'iPhone 12 mini' Name Reappears in Leaked Apple iPhone 12 Case Stickers

Friday September 25, 2020 1:58 am PDT by
Earlier this week a proven leaker claimed that the iPhone 12 lineup would be named "iPhone 12 mini," "iPhone 12," "iPhone 12 Pro," and "iPhone 12 Pro Max," and today the same nomenclature has appeared again in a photo depicting alleged stickers from unreleased Silicone iPhone cases originating from Apple's international distribution center in Ireland. The photo shows three stickers with the...

Top Stories: iOS 14 Feature Tour, 'iPhone 12 mini' Rumors, Apple Watch Band Controversy

Saturday September 26, 2020 6:00 am PDT by
Things started to calm down a bit this week following last week's rush of media event, Apple Watch and iPad launches, and the release of iOS 14 and other operating updates. But that doesn't mean there wasn't still a lot of news, from digging deeper into iOS 14 to more iPhone 12 rumors to the uproar over trying to exchange band sizes on the new Apple Watch. On top of all of that, we heard...

Apple Releases iOS 14.0.1 With Fix for Bug That Resets Default Apps After Rebooting

Thursday September 24, 2020 10:12 am PDT by
Apple today released iOS 14.0.1, the first update to the iOS 14 operating system that was released on September 16. Today's update is a bug fix update addressing issues that weren't able to be fixed in the initial iOS 14 launch. The iOS 14.0.1 update is available on all eligible devices over-the-air in the Settings app. To access the new software, go to Settings > General > Software Update. ...

New Images Leak of iPhone 12 Braided USB-C to Lightning Cable

Thursday September 24, 2020 2:37 am PDT by
Rumors suggest Apple's upcoming iPhone 12 models will ship with a new Lightning to USB-C cable that includes a braided fabric design. Images of the purported cables were leaked in July, and today leaker Mr White has shared new images that give us a closer look at what we might get included in the iPhone 12 box. The photos show a USB-C to Lightning cable with a clearly braided design rather...

New Version of Microsoft Office Coming Next Year That Won't Require a Subscription

Thursday September 24, 2020 1:53 am PDT by
Microsoft will next year offer a new perpetual release of Microsoft Office for Mac and Windows that doesn't require a subscription to use, according to the software giant (via Windows Central). "Microsoft Office will also see a new perpetual release for both Windows and Mac, in the second half of 2021," said Microsoft in a blog post announcing the next version of its Exchange server,...

Video Offers Closer Look at Apple Face Mask

Friday September 25, 2020 5:25 am PDT by
YouTube channel Unbox Therapy has today shared a new video giving a closer look at Apple's reusable face masks for corporate and retail employees. Apple's own face mask was designed by the company's Engineering and Industrial Design teams amid the global health crisis for corporate and retail employees, and the boxes include Apple's famous "Designed by Apple in California" text. The...

Upcoming Xbox App Update Will Let Xbox Users Stream Games to iPhone and iPad

Friday September 25, 2020 11:58 am PDT by
Microsoft is testing a new version of its Xbox app that will let Xbox users play games remotely on their iPhones and iPads using streaming functionality. The new feature was rolled out to TestFlight users this morning. The Xbox streaming option is distinct from Microsoft's xCloud service, which it has been clashing with Apple over. xCloud is designed to stream games from Microsoft's servers, ...

Apple Releases macOS Catalina 10.15.7 With Fixes for WiFi Bug, 27-Inch iMac Graphics Issues

Thursday September 24, 2020 10:32 am PDT by
Apple today released macOS Catalina 10.15.7, the latest update to the macOS Catalina software. macOS Catalina 10.15.7 fixes several major bugs that Mac users have been experiencing, and it comes a month after the latest macOS Catalina release. The ‌‌‌macOS Catalina‌‌‌ 10.15.6 Supplemental Update can be downloaded from the Mac App Store using the Update feature in the System...

iOS 14: 'Phoenix 2' Space Shooter Delivers Playable Demo via App Clips

Saturday September 26, 2020 2:08 pm PDT by
One of the new features that arrived in iOS 14 is called App Clips. App Clips is described by Apple to be a "small part of your app" that can be available to users at just the right moment.App Clips focus on finishing one task quickly. An ideal App Clip experience allows users to open and complete a task in seconds. Instead of requiring an App Store download, they can be loaded and run via...

Apple's iPhone 12 Event Could Happen on October 13 Based on Rumors From Mobile Operators

Wednesday September 23, 2020 11:51 am PDT by
Apple's upcoming iPhone-centric event could perhaps be held on Tuesday, October 13, according to information shared with MacRumors by an employee at a UK cellular carrier. There's no way for us to confirm the dates at this point in time nor are we sure on the credibility of the source, but even without a rumor, Tuesday, October 13 is a good guess based on Apple's historic launch timelines, ...