Full Video of Apple Engineer's Black Hat Security Talk Now Available
Earlier this month, Apple's head of security engineering Ivan Krstic gave a talk at the Black Hat Conference, an annual event designed for the global InfoSec community. During the event, Krstic spoke about Apple security and unveiled the company's new bug bounty program.
Krstic's briefing is now available in full on YouTube, shared this morning on the Black Hat YouTube channel in a video entitled "Behind the Scenes of iOS Security."
In the talk, Krstic covers three major iOS security mechanisms -- HomeKit, Auto Unlock, and iCloud Keychain -- in "unprecedented technical detail," along with other iOS security measures.
HomeKit, Auto Unlock and iCloud Keychain are three Apple technologies that handle exceptionally sensitive user data - controlling devices (including locks) in the user's home, the ability to unlock a user's Mac from an Apple Watch, and the user's passwords and credit card information, respectively. We will discuss the cryptographic design and implementation of our novel secure synchronization fabric which moves confidential data between devices without exposing it to Apple, while affording the user the ability to recover data in case of device loss.
Data Protection is the cryptographic system protecting user data on all iOS devices. We will discuss the Secure Enclave Processor present in iPhone 5S and later devices and explain how it enabled a new approach to Data Protection key derivation and brute force rate limiting within a small TCB, making no intermediate or derived keys available to the normal Application Processor.
Traditional browser-based vulnerabilities are becoming harder to exploit due to increasingly sophisticated mitigation techniques. We will discuss a unique JIT hardening mechanism in iOS 10 that makes the iOS Safari JIT a more difficult target.
The most notable moment of Krstic's briefing features the unveiling of Apple's first ever bug bounty program, which will see the company paying out up to $200,000 to researchers who discover vulnerabilities in Apple software. Apple's bug bounty program, initially limited to a few dozen researchers, launches this September.
Popular Stories
iOS 18.3 should be released to the public next week, following beta testing since mid-December. While the software update is a relatively minor one, it still includes a handful of new features, changes, and bug fixes for iPhones.
Below, we recap everything new in iOS 18.3.
Notification Summary Changes
Examples of inaccurate Apple Intelligence notification summaries
Apple Intelligence...
Apple is set to release iOS 18.3 next week, bringing further refinements to Apple Intelligence features, a couple of neat new capabilities to iPhone 15 Pro and iPhone 16 devices, and bug fixes.
While not quite as packed with new features as Apple's preceding iOS 18 point releases, iOS 18.3 still introduces capabilities that aim to make your iPhone smarter and more intuitive. Below, we've...
iOS 18.3 is expected to be widely released next week, and that means the first iOS 18.4 beta for iPhones should be just around the corner.
Apple has previously implied that iOS 18.4 will be released in April, as that is when it promised to make Apple Intelligence available in even more languages.
Below, we outline what to expect from iOS 18.4 so far.
Apple Intelligence for Siri
Siri ...
Walmart still does not accept Apple Pay or other NFC payments at its more than 4,600 stores across the U.S., and it stood firm on its reasoning for that today.
A spokesperson for Walmart today informed MacRumors that its position on contactless payments has not changed since we last reached out about the matter in 2022. The big-box retailer said it remains focused on its own convenient...
A new Apple TV is expected to be released later this year. In this article, we recap rumored features and changes for the device.
The next Apple TV will be equipped with Apple's own combined Wi-Fi and Bluetooth chip, according to Bloomberg's Mark Gurman. He said the chip supports Wi-Fi 6E, which would be an upgrade over the current Apple TV's standard Wi-Fi 6 support. Wi-Fi 6E extends the...
Apple provided developers and public beta testers with the release candidate version of iOS 18.3 today, and with it comes release notes confirming what's new. While we knew about several of the features that are in the update, there are some lesser known tweaks and bug fixes.
The update adds new Visual Intelligence features for iPhone 16 models, it tweaks Notification summaries on all...
The upcoming iPhone 17 models that Apple plans to release this year will not feature a smaller Dynamic Island, Apple analyst Ming-Chi Kuo said today.
On social media, he said that he is expecting the size of the Dynamic Island to remain "largely unchanged" across the iPhone 17 lineup. His statement is contrary to prior rumors that we've heard about planned changes for the iPhone 17 models.
...
Apple's retail stores will be rolling out "merchandise/floor marketing updates" next week, according to Bloomberg's Mark Gurman.
Gurman did not explicitly say if the store updates are related to any upcoming product announcements, but he did mention that next week is around the time that Apple rolls out its annual Black Unity watch band for the Apple Watch.
In each of the past four years, ...
It's also time for Apple's first product announcement of the year.
Last year, Apple said it would be launching Powerbeats Pro 2 in 2025, and the wireless earbuds are expected to launch very soon.
Powerbeats Pro 2 images found in iOS 18 code
In his Power On newsletter last weekend, Bloomberg's Mark Gurman said the Powerbeats Pro 2 are "due imminently." In addition to Apple filing the...
