Cars, Security and a Peek into my Life
(close-up photo credit to Elinor Mills/CNET)
Dallas De Atley, Apple’s platform security team manager, was there to speak about iOS security. It was the first time ever Apple had presented in the 15 years of the Black Hat security conference. There was much anticipation.
And did he ever deflate the room; it was really underwhelming. He didn’t take questions either, and took off right after, the opposite of how it’s done.
I summarized below some interesting things, but first two observations:
1 – it wasn’t anything special, at all. I sat there thinking, “I’m understanding too much, this is Black Hat, more should be going over my head”. The articles that came out agree: Apple just read from the whitepaper they released in May, how meh.
2 – to my ear, Apple people speak with a similar tone, meter, pace… I wonder if they have a “presentation preparation department” where they’re groomed.
– it’s built from the ground up, fully integrated, and as he said, “security is not something you can sprinkle over the code at the end”
– applications are suspended by default when you hit the home button, increasing performance and battery life
– patching holes and always updating keeps things secure, so Apple’s ‘software update’ was designed to be very easy. 80% of phones are running the latest iOS, they call that success.
– all apps running on the device come from a known location (iTunes), so this reduces the attack surface for malware (apps distributed through iTunes must first meet Apple’s strict security practices)
– the device is divided into 2 partitions: a read-only partition and data. Your data is separated from the OS
– apps go through an Apple API to access user data, therefore the app can’t access your data directly
– direct data sharing between apps is not allowed
– it takes 5.5 years to attempt every combo of a 6-digit passcode because you have to do it manually
The tracker was the size of a pager, carried in a pocket.
It was a good test: a Saturday night in a busy area, everyone on their phones hammering the cell network, plus imagine all the casino’s communications flying around, and when zoomed in you can see that even small movements were recorded.
It’s not perfect though, see where it has me in the middle of the fountains at the Bellagio? Didn’t happen.
The output is a .log file that opens up in Google Earth beautifully. Test complete, a successful test!
I did it all in 5″ heels, too. That’s a good CityGirl.
When I absolutely had to, I connected from my hotel room, uncomfortably… they all have to stay somewhere. And hotel WiFi networks are like, a sport.
Don’t forget old-fashioned pen & paper.
Every year the press makes a big sensationalized deal about DefCon being “the most hostile network in the world”. Duh guys; it’s the world’s largest security conference, it’d be disappointing if it wasn’t.
At DefCon they have the ‘Wall of Sheep’.
It’s a ‘wall of shame’. The network is passively watched, and if your security sucks, your username and password will be captured, displayed and mocked.
There was a time when the full name and password were displayed. Not for years now though. And you know, DefCon felt different this year, I’ll explain in another post.
Admission is cash only, no information is exchanged, and there is no preferential treatment, you have to wait in a line of thousands. Then you receive a badge designated “human”.
This is my press badge. I did have to register for that, after passing through a door marked “non-human”.
Each year the badge is different, there’s an anticipation about it and the complex puzzle game competition starring the badge. Neat, eh?! The badge is a game.
They are functioning circuit boards, and came with pieces to solder on, so you could hook up to a monitor and explore around, plus they interacted with one another, which were all pieces of the puzzle… read a better description at Wired.
Interesting the Egyptian theme carried on, it was on last year’s badge.
Polar opposite eh, a disc of metal. I wore two last year (human and press), so I clank-clanked everywhere I went.
Uber Badge – Free access for life, no waiting in line ever again, the ultimate badge. A handful are awarded each year to the contest winners.
Congratulations on 20 years, DefCon! :)