At the Black Hat security conference in August, a lead Apple security executive will offer new details on iOS 13 and macOS Catalina. The talk will run for 50 minutes and is entitled “Behind the Scenes of iOS and Mac Security.”
The talk will be led by Ivan Krstic, Apple’s head of security engineering and architecture. Krstic spoke at Black Hat in 2016 as well. According to a teaser on the Black Hat website, Krstic will focus on three primary things during his talk. Those are the T2 security chip, the new Find My app in iOS 13 and macOS Catalina, and code integrity enforcement.
We will take a close look at how Pointer Authentication Code (PAC) is implemented, including improvements in iOS 13. We will also discuss previously-undisclosed VM permission and page protection technologies that are part of our overall iOS code integrity architecture.
We will walk through the boot sequence of a Mac with the T2 Security Chip and explain key attacks and defenses at each step, including two industry-first firmware security technologies that have not been publicly discussed before.
The Find My feature in iOS 13 and macOS Catalina enables users to receive help from other nearby Apple devices in finding their lost Macs, while rigorously protecting the privacy of all participants. We will discuss our efficient elliptic curve key diversification system that derives short non-linkable public keys from a user’s keypair, and allows users to find their offline devices without divulging sensitive information to Apple.
