In the market for an iPhone? Here's a breakdown of all the currently shipping iPhones from Apple.
Full Video of Apple Engineer's Black Hat Security Talk Now Available
Earlier this month, Apple's head of security engineering Ivan Krstic gave a talk at the Black Hat Conference, an annual event designed for the global InfoSec community. During the event, Krstic spoke about Apple security and unveiled the company's new bug bounty program.
Krstic's briefing is now available in full on YouTube, shared this morning on the Black Hat YouTube channel in a video entitled "Behind the Scenes of iOS Security."
In the talk, Krstic covers three major iOS security mechanisms -- HomeKit, Auto Unlock, and iCloud Keychain -- in "unprecedented technical detail," along with other iOS security measures.
Krstic's briefing is now available in full on YouTube, shared this morning on the Black Hat YouTube channel in a video entitled "Behind the Scenes of iOS Security."
In the talk, Krstic covers three major iOS security mechanisms -- HomeKit, Auto Unlock, and iCloud Keychain -- in "unprecedented technical detail," along with other iOS security measures.
HomeKit, Auto Unlock and iCloud Keychain are three Apple technologies that handle exceptionally sensitive user data - controlling devices (including locks) in the user's home, the ability to unlock a user's Mac from an Apple Watch, and the user's passwords and credit card information, respectively. We will discuss the cryptographic design and implementation of our novel secure synchronization fabric which moves confidential data between devices without exposing it to Apple, while affording the user the ability to recover data in case of device loss.The most notable moment of Krstic's briefing features the unveiling of Apple's first ever bug bounty program, which will see the company paying out up to $200,000 to researchers who discover vulnerabilities in Apple software. Apple's bug bounty program, initially limited to a few dozen researchers, launches this September.
Data Protection is the cryptographic system protecting user data on all iOS devices. We will discuss the Secure Enclave Processor present in iPhone 5S and later devices and explain how it enabled a new approach to Data Protection key derivation and brute force rate limiting within a small TCB, making no intermediate or derived keys available to the normal Application Processor.
Traditional browser-based vulnerabilities are becoming harder to exploit due to increasingly sophisticated mitigation techniques. We will discuss a unique JIT hardening mechanism in iOS 10 that makes the iOS Safari JIT a more difficult target.
[ 40 comments ]
Top Rated Comments
(View all)
46 months ago
I don't understand most of it either, but it's pretty fun to see how serious Apple is about system security.
I'm currently doing network administration, where network security is one of the topics we learn about. May not be on a big scale, but I actually like this whole subject. And I'm planning on doing something with security engineering after this.
So I may not understand 99% of this, it's just fun to watch. :p
By the way, here are the presentation slide: https://www.blackhat.com/docs/us-16/materials/us-16-Krstic.pdf
I'm currently doing network administration, where network security is one of the topics we learn about. May not be on a big scale, but I actually like this whole subject. And I'm planning on doing something with security engineering after this.
So I may not understand 99% of this, it's just fun to watch. :p
By the way, here are the presentation slide: https://www.blackhat.com/docs/us-16/materials/us-16-Krstic.pdf
46 months ago
Sure, compared to whom?
And who takes security+privacy as seriously?
Who has an executive team that can axe marketable features for privacy reasons, that not even 1% of people gives a damn?
46 months ago
but ios requires 6 numbers by default.
That's the trick that Cue designed. Everyone's is going for the six digits!
46 months ago
Apple's password to unlock everything is 12345. Try it out!
I've got that same combination on my luggage![doublepost=1471416518][/doublepost]
RIP Jailbreak.
If the choice is between security that vexes even governments, and wacky add-ons, I'll take the security every day and twice on Sunday.
46 months ago
I've gotta say I'm more impressed with how they engineered this than I thought I'd be. The Safari bit at the beginning is genius. They basically rewrite how permissions are used by the system. It's also interesting to see how they keep the encryption keys private and how the secure enclave and other secure systems work to keep hackers out. It's only more impressive in iOS 10. Great post!
46 months ago
1) agreed, 2) they seem to consider it a much bigger target, and 3) actually, they've said that if you show up at the door with a sufficiently good case, you 'll get an instant invite to the party.
I don't expect the decision on whether or not to share source is based on what they think can be broken or what matters, but rather on what is or is not proprietary. All the GUI frameworks are their self-written code, and quite valuable to them (I totally get this - I use OS X because it's a UNIX workstation with a seriously good GUI, something that Linux has been trying and failing to deliver for many years). If they released all of OS X / macOS as open source, other companies would be slapping it on cheap PC hardware and competing against them on price. I'd love to have more (qualified) eyes on that code, but I can understand their position.
[doublepost=1471455354][/doublepost]It appears I'm in a minority position here - I watched the first part of it (got interrupted), and I don't feel lost, I feel giddy - love seeing other developers doing cool things, everything they said made delicious sense.
Also. I was only talking about the kernel. Not the GUI frameworks. The problem is that the XNU kernel itself isn't 100% open source.
46 months ago
Apple doesn't take security seriously enough.
:mad::mad::eek::eek: ;)
What specific technical guidance and advice would you pass on to Dr. Krstić addressing how Apple is not taking security seriously enough?
[ Read All Comments ]
Apple today updated the accessory section of its online store to add a new golf sensor, Sonos Port, and series of colorful new cases designed by Tech21.
The Arccos Caddie Smart Sensors,...
Apple today updated its Research app for the iPhone and the iPad to add AirPods Pro support for an ongoing hearing study.
According to Apple's release notes, the app now supports AirPods...
You can save on the 2TB 27-inch iMac this week, with Amazon discounting the computer to $2,099.00, down from $2,299.00 ($200 off). This is for the latest 2019 refresh of the 5K iMac, with...
Moment, the company behind the popular Moment photo editing app and the Moment line of lenses designed for iPhones, today announced the launch of RTRO, a new app designed for capturing fun video...
Amazon today has a solid deal on Apple's latest iPad Air, discounting the 256GB Wi-Fi model to $549.00, down from $649.00. This $100 off sale is the lowest we've ever tracked for...
Netatmo has announced that its Smart Indoor Camera now supports Apple's HomeKit Secure Video protocol.
The company revealed the news in a blog post on its website, explaining that the...
The discovery of a simple Terminal command that brings back the classic startup chime on newer Macs has gone viral in recent days. Apple disabled the startup sound on new Macs in 2016, and while a...
Disney+ is coming to Europe in just under a month, and Disney is offering prospective customers a discount subscription offer if they sign up early to the streaming video service.
Residents...
