Become a MacRumors Supporter for $25/year with no ads, private forums, and more!

MacRumors

macrumors bot
Original poster
Apr 12, 2001
55,001
17,377



Earlier this month, Apple's head of security engineering Ivan Krstic gave a talk at the Black Hat Conference, an annual event designed for the global InfoSec community. During the event, Krstic spoke about Apple security and unveiled the company's new bug bounty program.

Krstic's briefing is now available in full on YouTube, shared this morning on the Black Hat YouTube channel in a video entitled "Behind the Scenes of iOS Security."


In the talk, Krstic covers three major iOS security mechanisms -- HomeKit, Auto Unlock, and iCloud Keychain -- in "unprecedented technical detail," along with other iOS security measures.
HomeKit, Auto Unlock and iCloud Keychain are three Apple technologies that handle exceptionally sensitive user data - controlling devices (including locks) in the user's home, the ability to unlock a user's Mac from an Apple Watch, and the user's passwords and credit card information, respectively. We will discuss the cryptographic design and implementation of our novel secure synchronization fabric which moves confidential data between devices without exposing it to Apple, while affording the user the ability to recover data in case of device loss.

Data Protection is the cryptographic system protecting user data on all iOS devices. We will discuss the Secure Enclave Processor present in iPhone 5S and later devices and explain how it enabled a new approach to Data Protection key derivation and brute force rate limiting within a small TCB, making no intermediate or derived keys available to the normal Application Processor.

Traditional browser-based vulnerabilities are becoming harder to exploit due to increasingly sophisticated mitigation techniques. We will discuss a unique JIT hardening mechanism in iOS 10 that makes the iOS Safari JIT a more difficult target.
The most notable moment of Krstic's briefing features the unveiling of Apple's first ever bug bounty program, which will see the company paying out up to $200,000 to researchers who discover vulnerabilities in Apple software. Apple's bug bounty program, initially limited to a few dozen researchers, launches this September.

Article Link: Full Video of Apple Engineer's Black Hat Security Talk Now Available
 
  • Like
Reactions: 997440 and Te0SX

iTom17

macrumors 6502a
Aug 2, 2013
960
1,120
Eindhoven, the Netherlands
I don't understand most of it either, but it's pretty fun to see how serious Apple is about system security.

I'm currently doing network administration, where network security is one of the topics we learn about. May not be on a big scale, but I actually like this whole subject. And I'm planning on doing something with security engineering after this.

So I may not understand 99% of this, it's just fun to watch. :p


By the way, here are the presentation slide: https://www.blackhat.com/docs/us-16/materials/us-16-Krstic.pdf
 
Last edited:

bfreek

macrumors member
Sep 11, 2015
47
92
can somebody give me a quick rundown of how apple's effort compares to that of android/google?
what's the status on android?
what meassures exist on android?
do android devices have crypto co-processor like the secure enclave? what if not?
how does android's fragmentation affect the situation?
so, is iOS and icloud actually the most secure mobile os out there?

thanks.
 

QuarterSwede

macrumors G3
Oct 1, 2005
9,569
1,669
Colorado Springs, CO
I've gotta say I'm more impressed with how they engineered this than I thought I'd be. The Safari bit at the beginning is genius. They basically rewrite how permissions are used by the system. It's also interesting to see how they keep the encryption keys private and how the secure enclave and other secure systems work to keep hackers out. It's only more impressive in iOS 10. Great post!
 

usarioclave

macrumors 65816
Sep 26, 2003
1,447
1,506
The Javascript JIT stuff shows how important Javascript is to the web: Apple is doing a lot of skanky and cool stuff just so that Javascript can run fast.

I forgot that they were using clang/llvm as the JS JIT; I was thinking they were after watching that part, but I had to go and verify it.
 

Zirel

Suspended
Jul 24, 2015
2,196
3,008
Apple doesn't take security seriously enough.

:mad::mad::eek::eek: ;)

Sure, compared to whom?

And who takes security+privacy as seriously?

Who has an executive team that can axe marketable features for privacy reasons, that not even 1% of people gives a damn?
 

Zirel

Suspended
Jul 24, 2015
2,196
3,008
BTW, at 47:22 the engineer proves that at least one method that Snowden said the FBI can use to unlock the San Bernardino phone (iPhone 5c) might not be actually possible, and in 64 bit phones, it surely won't be possible, because the number of tries is actually registered in the Secure Enclave.
 
  • Like
Reactions: miknos

H2SO4

macrumors 601
Nov 4, 2008
4,992
6,216
Sure, compared to whom?

And who takes security+privacy as seriously?

Who has an executive team that can axe marketable features for privacy reasons, that not even 1% of people gives a damn?
Probably lots of companies. Lots that don’t have the resources Apple has.
This reminds me of Volvo back in the day that majored on safety. Lots of other companies were interested in it too, Volvo were the only ones that made a song and dance about it. Suddenly the press thought that Volvo were the only ones pushing it forward, much like posters on internet forums with Apple and their privacy/security stance.
 

modemthug

macrumors regular
Apr 20, 2010
209
584
can somebody give me a quick rundown of how apple's effort compares to that of android/google?
what's the status on android?
what meassures exist on android?
do android devices have crypto co-processor like the secure enclave? what if not?
how does android's fragmentation affect the situation?
so, is iOS and icloud actually the most secure mobile os out there?

thanks.
Android doesn't even come close. Even the new Qualcomm chips are vulnerable to attack (they've found two serious flaws with them this year, affecting 900 million devices -- Google Quadrooter) and just today another Linux but was uncovered affecting 1.4 billion Android devices. Android is a security nightmare. There's even AN API TO CHANGE THE DEVICE PASSCODE, true story (Google Lockdroid).
 
  • Like
Reactions: CarlJ

CarlJ

Contributor
Feb 23, 2004
5,764
10,026
San Diego, CA, USA
Apple's password to unlock everything is 12345. Try it out!
I've got that same combination on my luggage!
[doublepost=1471416518][/doublepost]
RIP Jailbreak.
If the choice is between security that vexes even governments, and wacky add-ons, I'll take the security every day and twice on Sunday.
 
Last edited:
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.