Apple iOS Black Hat talk had bark, but no bite | SC Media

July 26, 2012

Apple's much-ballyhooed first-ever talk at the Black Hat conference lacked any of the fireworks that the standing-room-only crowd had been hoping for.

Dallas De Atley, manager of the platform security team at Apple, presented "iOS Security", the simply (but blandly by Black Hat standards) titled talk on Thursday morning. But it only took a few seconds to realize that that was Apple's plan. The company is uncomfortable publicly speaking about its security posture, so a talk like this was going to be all business from start to finish.

Engaging, competent and cogent, De Atley said the right things to win over an often-cynical security-conscious crowd of hackers and developers.

"Our attitude is that security is architecture -- you have to build it from the very beginning," he said to open the talk.

De Atley said Apple recognizes the difference between securing OS X and securing iOS, considering that mobile devices are always on, always connected, carry loads of personal information (contacts, text messages, etc.), and "live in your pocket." He went on to describe the fundamental security tenets of Apple's mobile operating system: Secure Boot, Personalization, Code Signing, Sandboxing and Data Protection.

But De Atley's presentation lacked anything particularly novel, which is the opposite of the custom at Black Hat, where researchers from around the world use the grand stage of the conference to expose riveting secrets about the vulnerability of software and hardware.

Instead, his talk pretty much mirrored a May 2012 white paper on iOS security.

And in the reserved fashion we've come to expect from Apple, De Atley didn't even take any questions from the crowd or stick around afterward to informally chat with attendees, as is the custom here.

Not that many people were particularly surprised that the session lacked any real sparks.

"The Apple speech was exactly what I suspected: an overview of the security features as documented in that pdf," tweeted Stefan Esser, a noted Mac and iOS security expert. Esser, ironically, took the podium in the same room as De Atley, 30 minutes later, to present his talk: "iOS Kernel Heap Armageddon Revisited."

"Disappointing that the apple security [rep] didn't take questions at the end of the talk," tweeted Charlie Miller, who's been known to drop an Apple 0-day or two during his stay in Vegas.
