The Apple company has repeatedly been present at the Black Hat conferences in Las Vegas, its people are always in the audience to participate in the presentations that take place there, but until this year those from Cupertino did not hold their own conference to discuss about security of the iOS operating system.
Last night, Ivan Krstic, head of Apple's security division, discussed the work done by Cupertino's engineers to secure the iDevices sold by Apple, at the end of the conference he also announced a program through which Apple will pay money for bugs discovered in iOS.
Specifically, Apple will pay the following amounts of money for bugs discovered in:
- Secure boot firmware: $200,000
- Extraction of confidential material protected by the Secure Enclave Processor: $100,000
- Execution of arbitrary code w/kernel privs: $50,000
- Unauthorized access to iCloud account data on Apple Servers: $50,000
- Access from a sandboxed process to user data outside of that sandbox: $25,000
The highest amount offered by the Apple company for vulnerabilities discovered in iOS is $200.000 for a bug that would allow the operating system to start insecurely, and only $100.000 is offered for extracting data from the secure enclave where it is stored user fingerprints.
Although those from Apple have taken a step in the right direction and offer money for vulnerabilities, the amounts offered by them are much lower than those paid by government agencies in various countries, hackers even obtaining over 1 million dollars for exploits good enough for iOS.
Leaving these aside, Apple's Black Hat conference was called BEHIND THE SCENES OF IOS SECURITY, and below you have presented some important points from it:
With over a billion active devices and in-depth security protections spanning every layer from silicon to software, Apple works to advance the state of the art in mobile security with every release of iOS. We will discuss three iOS security mechanisms in unprecedented technical detail, offering the first public discussion of one of them new to iOS 10.
HomeKit, Auto Unlock and iCloud Keychain are three Apple technologies that handle exceptionally sensitive user data – controlling devices (including locks) in the user's home, the ability to unlock a user's Mac from an Apple Watch, and the user's passwords and credit card information, respectively. We will discuss the cryptographic design and implementation of our novel secure synchronization fabric which moves confidential data between devices without exposing it to Apple, while affording the user the ability to recover data in case of device loss.
Data Protection is the cryptographic system protecting user data on all iOS devices. We will discuss the Secure Enclave Processor present in iPhone 5S and later devices and explain how it enabled a new approach to Data Protection key derivation and brute force rate limiting within a small TCB, making no intermediate or derived keys available to the normal Application Processor.
Traditional browser-based vulnerabilities are becoming harder to exploit due to increasingly sophisticated mitigation techniques. We will discuss a unique JIT hardening mechanism in iOS 10 that makes the iOS Safari JIT a more difficult target.
