Behind the Scenes of iOS Security


by Ivan Krstic

With over a billion active devices and in-depth security protections spanning every layer from silicon to software, Apple works to advance the state of the art in mobile security with every release of iOS. We will discuss three iOS security mechanisms in unprecedented technical detail, offering the first public discussion of one of them new to iOS 10.

HomeKit, Auto Unlock and iCloud Keychain are three Apple technologies that handle exceptionally sensitive user data – controlling devices (including locks) in the user’s home, the ability to unlock a user’s Mac from an Apple Watch, and the user’s passwords and credit card information, respectively. We will discuss the cryptographic design and implementation of our novel secure synchronization fabric which moves confidential data between devices without exposing it to Apple, while affording the user the ability to recover data in case of device loss.

Data Protection is the cryptographic system protecting user data on all iOS devices. We will discuss the Secure Enclave Processor present in iPhone 5S and later devices and explain how it enabled a new approach to Data Protection key derivation and brute force rate limiting within a small TCB, making no intermediate or derived keys available to the normal Application Processor.

Traditional browser-based vulnerabilities are becoming harder to exploit due to increasingly sophisticated mitigation techniques. We will discuss a unique JIT hardening mechanism in iOS 10 that makes the iOS Safari JIT a more difficult target.




  1. If only Apple allowed advanced users to have root access to their device and included OpenSSH natively, because I paid for my device and I can do whatever I want with it.

  2. 200k for boot ROM exploits? Govs and Def. contractors pay 5x that. They can't be patched and have a small-byte attack surface, which is why they are super-rare.

  3. So when it comes right down to it, Apple still says "Trust us".

    Who says the NSA doesn't get a copy of the admin cards or there is no backdoor in there anyways?

  4. Interesting to see the difference between iOS and Android here:

    iOS is bolted down and secured from every side possible, but isn't quite that customizable, while

    Android is so customizable you can do anything with it, but is like Swiss cheese for vulnerabilities.

  5. 1. Apple hardware is way overpriced and really bad electronic design for something that's supposed to be high quality.
    2. Apple in its iOS is just using old Android open source projects for security.
    3. iOS is an open book for hackers compared to an Android setup with full security as default, same as iOS is by default. Most Android smartphone makers choose not to have full security on as default so you can own your phone. Apple doesn't want their consumers to own their phone…