by Ivan Krstic
With over a billion active devices and in-depth security protections spanning every layer from silicon to software, Apple works to advance the state of the art in mobile security with every release of iOS. We will discuss three iOS security mechanisms in unprecedented technical detail, offering the first public discussion of one of them new to iOS 10.
HomeKit, Auto Unlock and iCloud Keychain are three Apple technologies that handle exceptionally sensitive user data – controlling devices (including locks) in the user’s home, the ability to unlock a user’s Mac from an Apple Watch, and the user’s passwords and credit card information, respectively. We will discuss the cryptographic design and implementation of our novel secure synchronization fabric which moves confidential data between devices without exposing it to Apple, while affording the user the ability to recover data in case of device loss.
Data Protection is the cryptographic system protecting user data on all iOS devices. We will discuss the Secure Enclave Processor present in iPhone 5S and later devices and explain how it enabled a new approach to Data Protection key derivation and brute force rate limiting within a small TCB, making no intermediate or derived keys available to the normal Application Processor.
Traditional browser-based vulnerabilities are becoming harder to exploit due to increasingly sophisticated mitigation techniques. We will discuss a unique JIT hardening mechanism in iOS 10 that makes the iOS Safari JIT a more difficult target.
27 Comments
If only Apple allowed advanced users to have root access to their device and included OpenSSH natively, because I paid for my device and I can do whatever I want with it
he is hot
This is why I respect Apple. I just don't use their devices
I hope they melted the cards too lol
amentia idea to predict a time to update.
34:26 Crypto smoke! Don't breathe this!
this is why I'll always use iOS and not Android
Ivan rocks 🙂 Greetings from Croatia 😉
So proud of my schoolmate.. Greetings from the neighborhood
Apple Bounty Program –hoorahh!
I speak Russian but don't understand what language he is speaking, pig latin?
"Tough audience questions!" 😉
200k for boot rom exploits? Govs and Def. contractors pay 5x that.. They can't be patched and have a small-byte attack surface which is why they are super-rare..
So when it comes right down to it, Apple still says "Trust us".
Who says the NSA don't get a copy of the admin cards or there is no backdoor in there anyways.
Interesting to see the difference between iOS and Android here: iOS is bolted down and secured from every side possible, but isn't quite that customizable, while Android is so customizable you can do anything with it, but is like a Swiss cheese for vulnerabilities
1 Apple hardware is way overpriced and really bad electronic design for something that is supposed to be high quality.
2 Apple in its iOS is just using old Android open source projects for security
3 iOS is an open book for hackers compared to an Android setup with full security as default, same as iOS is default. Most Android smartphone makers choose not to have full security on as default so you can own your phone. Apple doesn't want their consumers to own their phone…
Cloud Key Vault ceremony… dayyyum that's boss
so the moral of the story is same as always? clone the sap bit for bit onto infinite other "sap"s and brute it 10 at a time?
45:35 fucking hilarious
I forgot my Apple ID password & security questions, now I can't unlock my iPad. Makes me crazy…
Can anyone read what the Terminal title says at 4:51?
Occult Cryptographic Dust Summoning Rituals
I strongly dislike it when vendors tie their junk into a cloud service.
Apple sucks now. They started as open source, then devolved.
In iOS 11 heading fonts are a much bigger size lol Apple …
He's hard to follow. He walks around too much lol
Pretty sure that the comment at 47:43 is not true. You can hook into SpringBoard and change the flags for the passcode being disabled following incorrect attempts and then pragmatically brute force the passcode on-device. In fact, so long as I understood the question correctly, I know this logic is not enforced inside the SEP because I wrote code to actually brute-force this years ago: https://github.com/hiburn8/passtoad/blob/master/Tweak.xm