Full Video of Apple Engineer's Black Hat Security Talk Now Available

Earlier this month, Apple's head of security engineering Ivan Krstic gave a talk at the Black Hat Conference, an annual event designed for the global InfoSec community. During the event, Krstic spoke about Apple security and unveiled the company's new bug bounty program.

Krstic's briefing is now available in full on YouTube, shared this morning on the Black Hat YouTube channel in a video entitled "Behind the Scenes of iOS Security."


In the talk, Krstic covers three major iOS security mechanisms -- HomeKit, Auto Unlock, and iCloud Keychain -- in "unprecedented technical detail," along with other iOS security measures.

HomeKit, Auto Unlock and iCloud Keychain are three Apple technologies that handle exceptionally sensitive user data - controlling devices (including locks) in the user's home, the ability to unlock a user's Mac from an Apple Watch, and the user's passwords and credit card information, respectively. We will discuss the cryptographic design and implementation of our novel secure synchronization fabric which moves confidential data between devices without exposing it to Apple, while affording the user the ability to recover data in case of device loss.

Data Protection is the cryptographic system protecting user data on all iOS devices. We will discuss the Secure Enclave Processor present in iPhone 5S and later devices and explain how it enabled a new approach to Data Protection key derivation and brute force rate limiting within a small TCB, making no intermediate or derived keys available to the normal Application Processor.

Traditional browser-based vulnerabilities are becoming harder to exploit due to increasingly sophisticated mitigation techniques. We will discuss a unique JIT hardening mechanism in iOS 10 that makes the iOS Safari JIT a more difficult target.

The most notable moment of Krstic's briefing features the unveiling of Apple's first ever bug bounty program, which will see the company paying out up to $200,000 to researchers who discover vulnerabilities in Apple software. Apple's bug bounty program, initially limited to a few dozen researchers, launches this September.

Popular Stories

iOS 18

iOS 18.4 Coming Next Week With These New Features for Your iPhone

Friday February 14, 2025 6:18 am PST by
The first iOS 18.4 beta for iPhones should be just around the corner, and the update is expected to include many new features and changes. Bloomberg's Mark Gurman expects the iOS 18.4 beta to be released by next week. Below, we outline what to expect from iOS 18.4 so far. Apple Intelligence for Siri Siri is expected to get several enhancements powered by Apple Intelligence on iOS...
apple launch feb 2025 alt

What to Expect From the 'Apple Launch' Next Week

Thursday February 13, 2025 11:48 am PST by
Apple has yet to announce any new devices this year, but that could change starting next week. Apple CEO Tim Cook today said to "get ready" for a "launch" on Wednesday, February 19. "Get ready to meet the newest member of the family," said Cook, in a social media post. The post includes an #AppleLaunch hashtag, along with a short video featuring an animated Apple logo inside of a circle....
apple launch feb 2025

Tim Cook Teases an 'Apple Launch' Next Wednesday

Thursday February 13, 2025 8:07 am PST by
In a social media post today, Apple CEO Tim Cook teased an upcoming "launch" of some kind scheduled for Wednesday, February 19. "Get ready to meet the newest member of the family," he said, with an #AppleLaunch hashtag. The post includes a short video with an animated Apple logo inside a circle. Cook did not provide an exact time for the launch, or share any other specific details, so...
iPhone SE 4 Thumb 1

'New' iPhone SE Product Listing Appears on French Website

Wednesday February 12, 2025 6:49 am PST by
As the wait continues for Apple's long-rumored, fourth-generation iPhone SE, French electronics retailer Boulanger has prematurely published a product listing for a "new" model of the iPhone SE. The placeholder page says the device is "coming soon," but it offers no further information, and the price shown is obviously not real. The listing was spotted by a reader of the French technology...
iPhone 17 Pro Render Front Page Tech

iPhone 17 Pro With All-New Camera Bar Design Allegedly Revealed

Thursday February 13, 2025 5:49 pm PST by
Apple's next-generation iPhone 17 Pro will feature three rear cameras arranged in a familiar triangular layout, but the cameras will be housed in an all-new rectangular camera bar with rounded corners, according to YouTube channel Front Page Tech. iPhone 17 Pro camera design render created by Asher for Front Page Tech In a video uploaded today, Front Page Tech host Jon Prosser said the camera ...
M4 Mac mini Apple Video

Apple's Refurbished Mac Mini Pricing Has a Problem

Thursday February 13, 2025 6:20 am PST by
Apple this week began selling refurbished Mac mini models with the M4 chip for the first time, but this has led to a pricing conundrum. In the United States, Apple is offering a refurbished Mac mini with the base M4 chip, 256GB of storage, 16GB of RAM, and Gigabit Ethernet for $509, down from $599 new. This is the standard 15% discount that Apple offers on refurbished Macs. The issue is...
iPhone 16 Apple Store

iPhone 17 in New Sizes This Year: What to Know

Thursday February 13, 2025 2:45 am PST by
Last year, Apple tweaked iPhone 16 Pro screen sizes to make them bigger than 2023's iPhone 15 Pro models, and this year we are also expecting a change in the size of the displays in the iPhone 17 lineup. Here's what we know. Standard iPhone 17 Apple could introduce a new display size for the standard iPhone 17 model in 2025. The iPhone 17 could measure in at 6.3 inches, up from 6.1 inches,...
iphone air concept weis

iPhone 17 Air Could Look Like This in Real Life

Friday February 14, 2025 3:41 am PST by
There have been several alleged leaked details of the iPhone 17 Air, Apple's rumored new slim iPhone, but images have been limited to grainy shots taken in component factories. However, this hyper-realistic concept created by WEIS Studio gives us the best idea yet of what Apple's thin device might actually look like. The concept design is inspired by recent leaks indicating that the device...
Apple Ad on X

Apple Resumes Advertising on X

Wednesday February 12, 2025 2:18 pm PST by
Apple this month started advertising on X for the first time in more than a year. The company had stopped advertising on the social media platform in November 2023 following controversial remarks made by its owner Elon Musk. For example, the @Apple account is running an ad promoting Safari's privacy features. The ad was spotted by MacRumors contributor Aaron Perris. The @AppleTV account has a...

Top Rated Comments

iTom17 Avatar
111 months ago
I don't understand most of it either, but it's pretty fun to see how serious Apple is about system security.

I'm currently doing network administration, where network security is one of the topics we learn about. May not be on a big scale, but I actually like this whole subject. And I'm planning on doing something with security engineering after this.

So I may not understand 99% of this, it's just fun to watch. :p


By the way, here are the presentation slide: https://www.blackhat.com/docs/us-16/materials/us-16-Krstic.pdf
Score: 6 Votes (Like | Disagree)
akfgpuppet Avatar
111 months ago
....and I understood like 5% of what he was talking about.
Score: 5 Votes (Like | Disagree)
69Mustang Avatar
111 months ago
Sure, compared to whom?

And who takes security+privacy as seriously?

Who has an executive team that can axe marketable features for privacy reasons, that not even 1% of people gives a damn?
Calm down dude. It was just a sarcastic joke in response to another quote.
Score: 5 Votes (Like | Disagree)
pat500000 Avatar
111 months ago
The only thing I understood is "Thanks for coming" part.
Score: 4 Votes (Like | Disagree)
yaxomoxay Avatar
111 months ago
but ios requires 6 numbers by default.
That's the trick that Cue designed. Everyone's is going for the six digits!
Score: 4 Votes (Like | Disagree)
CarlJ Avatar
111 months ago
Apple's password to unlock everything is 12345. Try it out!
I've got that same combination on my luggage!
[doublepost=1471416518][/doublepost]
RIP Jailbreak.
If the choice is between security that vexes even governments, and wacky add-ons, I'll take the security every day and twice on Sunday.
Score: 4 Votes (Like | Disagree)