At the Black Hat conference, we expected to hear the Apple’s Bounty program. But, Ivan Krstic, Head of Security Engineering and Architecture at Apple, did more than that; he detailed Apple’s new security measures on the iOS 10 and iOS 9.
Among the security measures Apple plans to implement in the new operating systems is the Secure Enclave Processor, (SEP). According to Krstic, the SEP is protected by strong cryptographic master key from a user’s passcode. For this reason, an offline attack on the device is impossible, whether the central processor is compromised or not.
Krstic explained that “After initialization, the SEP uses a random digits generator to come up with a unique key for the device within the processor. The key cannot be exported, and it is stored in secure ROM, which is resistant to attacks.”
Krstic discussed other topics relating to the SEP including the “update later” mechanism, decryption of individual files without affecting all data stored in the system, how the key is not compromised even after unlocking the device using Touch ID, and the various types of temporary and permanent keys.
“Hardened WebKit JIT Mapping” protects the Safari Browser on iOS. Most other devices, including Amazon Kindle, compile JavaScript code in beforehand. But iOS assures quick JavaScript execution by compiling JavaScript just before execution, (JIT). But there is a downside to JIT implementation- it demands far much less strict code-signing, thereby making the system vulnerable.
Apple addressed the issue in the latest security measures on iOS. Apple patched the JIT security concerns by dedicating specific areas of application memory to particular tasks. Unlike before, JavaScript is now not allowed to run code in raw data storage in iOS 9 and previous versions; raw data storage is highly vulnerable to attacks. On the iOS 10, the compiled JavaScript code runs on execution-particular memory. Once the code is running on this memory, it cannot be changed, thus preventing on-the-fly code alterations attacks.
Krstic also talked about the Apple’s encryption services. The encryption services now use admin cards at some point. The admin cards are secured in separate physical safes before launching on the keyed server bank. Once the server banks start and provide encrypted data transmission, the admin cards disintegrate and are destroyed, to prevent manipulation by malicious attackers and even Apple. If the company needs to update the keyed server banks, they would have to take the old servers down and install new ones; on the fly, updates are not possible.
Kristic was not shy to address the Auto Unlock feature in Apple Watch that allows the smart watch to unlock a nearby Mac. The authentication process, according to Apple, is local to the device, thus free from manipulation by on Apple server infrastructure.
Apparently, the iOS 10 is on developer beta mode. Like most Apple products of this year, it is expected to launch in September alongside the MacOS Sierra.