Full Video of Apple Engineer's Black Hat Security Talk Now Available
Earlier this month, Apple's head of security engineering Ivan Krstic gave a talk at the Black Hat Conference, an annual event designed for the global InfoSec community. During the event, Krstic spoke about Apple security and unveiled the company's new bug bounty program.
Krstic's briefing is now available in full on YouTube, shared this morning on the Black Hat YouTube channel in a video entitled "Behind the Scenes of iOS Security."
In the talk, Krstic covers three major iOS security mechanisms -- HomeKit, Auto Unlock, and iCloud Keychain -- in "unprecedented technical detail," along with other iOS security measures.
HomeKit, Auto Unlock and iCloud Keychain are three Apple technologies that handle exceptionally sensitive user data - controlling devices (including locks) in the user's home, the ability to unlock a user's Mac from an Apple Watch, and the user's passwords and credit card information, respectively. We will discuss the cryptographic design and implementation of our novel secure synchronization fabric which moves confidential data between devices without exposing it to Apple, while affording the user the ability to recover data in case of device loss.
Data Protection is the cryptographic system protecting user data on all iOS devices. We will discuss the Secure Enclave Processor present in iPhone 5S and later devices and explain how it enabled a new approach to Data Protection key derivation and brute force rate limiting within a small TCB, making no intermediate or derived keys available to the normal Application Processor.
Traditional browser-based vulnerabilities are becoming harder to exploit due to increasingly sophisticated mitigation techniques. We will discuss a unique JIT hardening mechanism in iOS 10 that makes the iOS Safari JIT a more difficult target.
The most notable moment of Krstic's briefing features the unveiling of Apple's first ever bug bounty program, which will see the company paying out up to $200,000 to researchers who discover vulnerabilities in Apple software. Apple's bug bounty program, initially limited to a few dozen researchers, launches this September.
Popular Stories
Sunday September 25, 2022 2:27 pm PDT by
Sami FathiA YouTuber has put Apple's claims for the durability of the Apple Watch Ultra to the test by putting it up against a drop test, a jar of nails, and repeated hits with a hammer to test the sapphire crystal protecting the display.
TechRax, a channel popular for testing the durability of products, first tested the Apple Watch Ultra by dropping it from around four feet high. The Apple Watch...
Upon the release of the second-generation AirPods Pro, the AirPods Max became the oldest current-generation AirPods product still in Apple's lineup. Introducing several new features like Adaptive Transparency and the H2 chip, the second-generation AirPods Pro may provide some of the best indications yet of what to expect from the second-generation AirPods Max.
Almost two years later, rumors...
Sunday September 25, 2022 10:57 am PDT by
Sami FathiAs we approach the end of a busy product release season for Apple with only new iPads and Macs left to be announced over the next month or so, we're also setting our sights on 2023. Apple is rumored to have several major products in the pipeline for next year, including new Macs, a new HomePod, a VR/AR headset, and so much more.
Other than new iPhones and Apple Watches, which are expected...
Sunday September 25, 2022 6:50 am PDT by
Sami FathiApple may decide to release its remaining products for 2022, which include updated iPad Pro, Mac mini, and 14-inch and 16-inch MacBook Pro models, through press releases on its website rather than a digital event, according to Bloomberg's Mark Gurman. In his latest Power On newsletter, Gurman said that Apple is currently "likely to release its remaining 2022 products via press releases,...
The Apple Watch Series 8 and Apple Watch Ultra are now available to purchase, but if you aren't interested in these updates you can save a lot of money on Series 7 models right now on Amazon.
Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.
The best deals are on cellular...
Sunday September 25, 2022 7:02 am PDT by
Sami FathiApple is gearing up to possibly replace its "Pro Max" iPhone with an all-new "Ultra" iPhone 15 model next year, reliable Bloomberg journalist Mark Gurman said today.
Writing in his latest Power On newsletter, Gurman said that for the iPhone 15, Apple is planning a revamped design alongside USB-C and a potential name change. Apple could replace its "Pro Max" branding, which it started to use...
Friday September 23, 2022 9:40 am PDT by
Sami FathiCustomers who personalize their second-generation AirPods Pro charging case with an engraving will now have that engraving reflected directly on iOS as they pair and connect their AirPods Pro. Apple allows customers to personalize their AirPods Pro charging case with a special engraving that can include select emojis and Memojis. Unlike before, starting with the second-generation AirPods...
Monday September 26, 2022 7:34 am PDT by
Sami FathiToday marks exactly two weeks since Apple released iOS 16 to the public. Besides the personalized Lock Screen, major changes in Messages, and new features in Maps, the update has also seen its fair share of bugs, performance problems, battery drain, and more.
After major iOS updates, it's normal for some users to report having issues with the new update, but such reports usually subside in...
Apple plans to release new MacBook Pro models in the fourth quarter of 2022, according to supply chain publication DigiTimes. The report does not mention specific models, but it very likely refers to the next-generation 14-inch and 16-inch MacBook Pros given that the 13-inch model was already updated earlier this year.
There has been uncertainty surrounding the timing of new 14-inch and...
Top Rated Comments
I'm currently doing network administration, where network security is one of the topics we learn about. May not be on a big scale, but I actually like this whole subject. And I'm planning on doing something with security engineering after this.
So I may not understand 99% of this, it's just fun to watch. :p
By the way, here are the presentation slide: https://www.blackhat.com/docs/us-16/materials/us-16-Krstic.pdf
[doublepost=1471416518][/doublepost]If the choice is between security that vexes even governments, and wacky add-ons, I'll take the security every day and twice on Sunday.