Apple's First Ever Black Hat Security Talk

(close-up photo credit to Elinor Mills/CNET)

Dallas De Atley, Apple’s platform security team manager, was there to speak about iOS security.  It was the first time ever Apple had presented in the 15 years of the Black Hat security conference.  There was much anticipation.

And did he ever deflate the room, really underwhelmed.  He didn’t take questions either, and took off right after, the opposite of how it’s done.

I summarized below some intereting things, but first two observations:

1 – it wasn’t anything special, at all.  I sat there thinking, “I’m understanding too much, this is Black Hat, more should be going over my head“.  The articles that came out agree: Apple just read from the whitepaper they released in May, how meh.

2 – to my ear, Apple people speak with a similar tone, meter, pace… I wonder if they have a “presentation preparation department” where they’re groomed.

About Apple’s iOS Security

it’s built from the ground up, fully integrated, and as he said, “security is not something you can sprinkle over the code at the end”

applications are suspended by default when you hit the home button, increasing performance and battery life

patching holes and always updating keeps things secure, so Apple’s ‘software update’ was designed to be very easy.  80% of phones are running the latest iOS, they call that success.

all apps running on the device comes from a known location (iTunes), so this reduces the attack surface for malware (apps distributed through iTunes must first meet Apple’s strict security practices)

the device is divided into 2 partitions: read only partition, and data. Your data is separated from the OS

apps go through an Apple API to access user data, therefore the app can’t access your data directly

– direct data sharing between apps is not allowed

it takes 5.5 years to attempt every combo of a 6 number pass code because you have to do it manually

Further Reading


NY Times

Cult of Mac

The Register