
MacRumors

macrumors bot
Original poster



Apple engineer Ivan Krstic is scheduled to host a discussion at this year's Black Hat Conference, offering a "Behind the Scenes" look at iOS security. Black Hat is an annual event designed for the global InfoSec community, giving security professionals a place to meet up and gain training on new techniques.

According to an overview of Krstic's talk, three iOS security mechanisms will be discussed in "unprecedented technical detail," including the first public discussion of Auto Unlock, a feature new to iOS 10.

"HomeKit, Auto Unlock and iCloud Keychain are three Apple technologies that handle exceptionally sensitive user data - controlling devices (including locks) in the user's home, the ability to unlock a user's Mac from an Apple Watch, and the user's passwords and credit card information, respectively. We will discuss the cryptographic design and implementation of our novel secure synchronization fabric which moves confidential data between devices without exposing it to Apple, while affording the user the ability to recover data in case of device loss."
Krstic will also cover the Secure Enclave Processor present in iOS devices that include the iPhone 5s and later, creating a discussion around how it enabled a new approach to Data Protection key derivation and brute force rate limiting within a small TCB, and he'll cover browser-based vulnerabilities and new protective features in iOS 10 Safari.

The 2016 Black Hat Conference will take place from July 30 to August 4 at the Mandalay Bay hotel in Las Vegas, Nevada. Tickets are priced at $2,595.

Article Link: Apple Engineer to Discuss iOS Security at 2016 Black Hat Event
 
I wish Apple would get more into the "behind the scenes" look of its technology at its keynotes as it used to in the past. In more recent keynotes, the unveilings have been more superficial and a little too sales pitchy IMHO.
 
Well the latest version of iOS 9's jailbreak got released this week, so spare yourself a ticket because the answer is: Security ain't good.
 
If you can't see the distinction between a user jailbreaking and unauthorised hacking, I would question why you felt the need to comment.

Jailbreaking is hacking; a malicious third party can exploit the same holes that jailbreaks use. They are, like it or not, major security holes in iOS that allow you to bypass many of the system's protections. Those quick and easy jailbreaks by visiting a website can easily be a malware install.
 
Jailbreaking is hacking; a malicious third party can exploit the same holes that jailbreaks use. They are, like it or not, major security holes in iOS that allow you to bypass many of the system's protections. Those quick and easy jailbreaks by visiting a website can easily be a malware install.

Since Apple stopped shipping the A4 processor, there has been no way to jailbreak without:

- knowing the device passcode
- having physical control of the device, and hooking it up to a computer that is running the jailbreak installation software
- rebooting the device as part of the process

Recent jailbreaks like Pangu require 10+ exploits chained together, under the above conditions (i.e. unlocked & paired to the "hostile" computer).

Since the A7 shipped & iOS 8, there have been no "bypass the passcode attempt counter" attacks either. (There was one for A5/A6 and iOS 8, but it was patched with iOS 9).

If you look back to an earlier time, before the A5 and before secure enclave when a web-based attack like JailbreakMe.com was feasible, across all 3 versions, it was unpatched for, IIRC, a total of 67 days (40 days for the first time, 20 the second and 7 the third).

If you look at the black market prices for the buying and selling of exploits to break into devices: iOS exploits, when they are for sale, have going prices that are 10x to 100x other platforms, and a jailbreak is worth between 1 and 4 million USD.

Pangu and TaiG are funded by the pirate App Store market in China and have a comparable research budget to that.

So yes, the methods used in a jailbreak might enable malware, and might enable drive-by infestation, but in general Apple has gotten things to a point where in order to jailbreak you already have access to all the info on a phone. That's not ideal, but it's far from awful, and vastly better than 99% of Android devices and other platforms.
 
Well the latest version of iOS 9's jailbreak got released this week, so spare yourself a ticket because the answer is: Security ain't good.

When I opened this article, I KNEW you would write a comment like this.

iOS 9 jailbreaks are not critical in terms of security because they can't do anything without the user's explicit permission, by disabling "Find My iPhone", which requires the Apple ID password, and with the 9.3.3 jailbreak, even giving the Apple ID to Pangu.

The same cannot be said of recent exploits in Android that affect 87% of the installed base.
 
If you can't see the distinction between a user jailbreaking and unauthorised hacking, I would question why you felt the need to comment.

I am in agreement with you there, in general. But there is one side of security that will always be a problem. The user.

Consider the desire to Jailbreak iPhones, and that the users jump on any opportunity to Jailbreak them. And from my observations, it doesn't appear that any of them take the time to personally dissect the code they are running to perform the jailbreak.

So, suppose a Jailbreak is released for iOS 10, and said Jailbreak inserts code to send your data, passwords, credit cards, or anything else important, to an unknown 3rd party.

Essentially, the iOS community has been conditioned to voluntarily compromise their security.
 
Good, hopefully folks will realize that iOS is a truly secure platform and that Android is not even close.
 
I am in agreement with you there, in general. But there is one side of security that will always be a problem. The user.

Consider the desire to Jailbreak iPhones, and that the users jump on any opportunity to Jailbreak them. And from my observations, it doesn't appear that any of them take the time to personally dissect the code they are running to perform the jailbreak.

So, suppose a Jailbreak is released for iOS 10, and said Jailbreak inserts code to send your data, passwords, credit cards, or anything else important, to an unknown 3rd party.

Essentially, the iOS community has been conditioned to voluntarily compromise their security.
You speak like a small part represents everyone. Most people don't jailbreak.

Jailbreak users deserve what might be coming for them anyway, as generally malware is distributed with cracked apps and not legitimate hacks.
 
I wish Apple would get more into the "behind the scenes" look of its technology at its keynotes as it used to in the past.

Google "ios security white paper" and you'll get a PDF that is most likely exactly what the Apple engineer will talk about.

On https://developer.apple.com/videos/ you'll find all the technical "behind the scenes" videos. I recommend "Platform State of the Union" for a good overview.
 
You speak like a small part represents everyone. Most people don't jailbreak.

Jailbreak users deserve what might be coming for them anyway, as generally malware is distributed with cracked apps and not legitimate hacks.
To be fair, I'd say that a lot of users that jailbreak don't do it for the purposes of some sort of cracked apps or non-legitimate hacks, but to get some sort of features/functionalities they need or want that iOS doesn't normally offer and/or to be able to customize some things that they might want.
 
To be fair, I'd say that a lot of users that jailbreak don't do it for the purposes of some sort of cracked apps or non-legitimate hacks, but to get some sort of features/functionalities they need or want that iOS doesn't normally offer and/or to be able to customize some things that they might want.

That's why I used "might"
 
Those who are concerned about the data if they jailbreak their device. As easy as that.
Just. Don't. Jailbreak.
 