Apple security chief will talk iOS 13, macOS Catalina at Black Hat

By

Black-Hat-security-conference
Ivan Krstic last appeared at Black Hat in 2016.
Photo: Black Hat

Apple security chief Ivan Krstic will be returning to the Black Hat security conference this summer to discuss iOS 13 and macOS Catalina — as well as the security protections in Apple’s new Find My service.

The 50-minute talk, titled “Behind the scene of iOS and Mac Security,” will take place on August 8. Krstic describes it as the “first public discussion of several key technologies new to iOS 13 and the Mac.”

Krstic, whose official title is Head of Security Engineering and Architecture, last spoke at the Black Hat conference in 2016. Apple has made lots of improvements to software security since then, and with major updates to iOS and macOS right around the corner, it seems a good time for a reappearance.

This year’s talk will cover three main topics “in unprecedented detail,” according to Krstic’s description on the Black Hat website.

Behind the scenes of iOS and Mac Security

“We will delve into the history of code and memory integrity technologies in the iOS kernel and userland, culminating in Pointer Authentication Codes (PAC) in the Apple A12 Bionic and S4 chips,” Krstic writes.

“We will take a close look at how PAC is implemented, including improvements in iOS 13.”

Another of the topics will cover Apple’s T2 Security Chip — and specifically the boot sequence of a Mac with a T2 chip installed. Krstic will explain the key defenses at each step, which have not been publicly discussed before.

Explaining the new Find My service

The third topic will examine Apple’s improved Find My service, which enables users to locate lost Mac and iOS devices even when they’re not connected to a wireless network — without revealing sensitive information to Apple.

“We will discuss our efficient elliptic curve key diversification system that derives short non-linkable public keys from a user’s keypair, and allows users to find their offline devices without divulging sensitive information to Apple.”

Krstic’s talk will kick off at 12:10 p.m. PT on August 8. You’ll need a ticket to Black Hat to enjoy it.