Earlier this month, Ivan Krstić gave a talk at Black Hat on the security of iOS. He covered three main areas:
"HomeKit, Auto Unlock and iCloud Keychain are three Apple technologies that handle exceptionally sensitive user data - controlling devices (including locks) in the user's home, the ability to unlock a user's Mac from an Apple Watch, and the user's passwords and credit card information, respectively. We will discuss the cryptographic design and implementation of our novel secure synchronization fabric which moves confidential data between devices without exposing it to Apple, while affording the user the ability to recover data in case of device loss.
Data Protection is the cryptographic system protecting user data on all iOS devices. We will discuss the Secure Enclave Processor present in iPhone 5S and later devices and explain how it enabled a new approach to Data Protection key derivation and brute force rate limiting within a small TCB, making no intermediate or derived keys available to the normal Application Processor.
Traditional browser-based vulnerabilities are becoming harder to exploit due to increasingly sophisticated mitigation techniques. We will discuss a unique JIT hardening mechanism in iOS 10 that makes the iOS Safari JIT a more difficult target."
The full video is available here.
Some people seem to be confused about what Roothack is, so I wanted to start this post by explaining it a little. Roothack.org is a hacker lab where we bring you multiple environments and levels that will teach you the basics of hacking, or exploitation if you will. We recently gave the entire project a facelift, and it continues to gain users weekly.
We've been working on this for quite some time and we will continue to work on it for quite some time. Some changes may occur and the site may be offline from time to time, but we will do our best to keep things up and operational. This new system should give us a tremendous amount of flexibility to do just that. We hope you enjoy it.
Hack3r has been getting quite a lot of hits lately, and in the interest of future development we have decided to upgrade Hack3r.com to Drupal 7. In the process we've removed a lot of the functionality pertaining to Roothack from the website, so Roothack is currently offline until further notice.
We've completely rebuilt it from the ground up so we can manage our Roothack content a bit better, and we hope that people will enjoy what we are about to offer. For now, just stay tuned.
Welcome to the new hack3r.com. While it may seem to some like things have been getting slow, Hack3r.com and Roothack.org still see a combined average of 400 hits a day from all over the world, which means people are still coming to us to get information and play RH's only online game that is up at the moment, The Sirens.