Apple is planning on discussing various aspects of iOS 10 security in “unprecedented detail” at the upcoming BlackHat USA 2016 security conference. Ivan Krstic, head of Apple Security Engineering and Architecture, will give a 50-minute briefing to discuss cryptographic design, the Secure Enclave found in Touch ID-enabled devices, and a new JIT hardening mechanism in iOS 10.
This won’t be the first time that an Apple employee has graced the stage in Las Vegas during a BlackHat event. Back in 2012, Apple made headlines by allowing one of its employees to speak at the event, a first for the notoriously secretive company.
Sadly, the 2012 speaking engagement, led by platform security team manager Dallas De Atley, was largely viewed as a dud. The New York Times described De Atley’s talk as a rehash of publicly available white paper documents.
Judging from its exciting description, that doesn’t seem like it will be the case during this year’s event:
With over a billion active devices and in-depth security protections spanning every layer from silicon to software, Apple works to advance the state of the art in mobile security with every release of iOS. We will discuss three iOS security mechanisms in unprecedented technical detail, offering the first public discussion of one of them new to iOS 10.
“Unprecedented technical detail” indicates that this engagement will consist of much more than a rehashing of a publicly existing document. It seems, from the description at least, that Apple will be providing more detail on iOS security, outside of its own developers conference, than it has ever done in the past.
Traditional browser-based vulnerabilities are becoming harder to exploit due to increasingly sophisticated mitigation techniques. We will discuss a unique JIT hardening mechanism in iOS 10 that makes the iOS Safari JIT a more difficult target.
The cryptographic design and its implementation is what technologies like HomeKit, Auto Unlock and iCloud Keychain rely on. Thus, this discussion will touch on security-related technologies that many iOS customers can identify with and use on a daily basis.
Krstic, responsible for building out from-the-ground-up end-to-end security for all Apple products, will give his 50-minute discourse on August 4th at 12:50 EST at Las Vegas’ Mandalay Bay South Convention Center.