Apple’s head of security engineering, Ivan Krstic, spoke at the Black Hat Conference earlier this month, and Krstic’s “Behind the Scenes of iOS Security” briefing is now available in full on YouTube. Krstic spoke about Apple security and unveiled the company’s new bug bounty program.
Krstic’s talk covered three major iOS security features: HomeKit, Auto Unlock, and iCloud Keychain. The talk offered a good amount of technical detail, including information about hardware technology like the Secure Enclave Processor introduced with the A7 system-on-chip.
Krstic spoke at length about how the three security features handle a user’s sensitive data: how they control devices and security locks in a user’s home and how they store passwords and credit card information. He also covered their cryptographic design, and more.
Krstic also announced Apple’s first-ever bug bounty program, which launches in September for a select group of invited researchers. The new bounty program offers cash incentives of up to $200,000 for previously undiscovered software and hardware vulnerabilities. While other major electronics brands have offered similar bounties for years, Apple has always relied on its own internal testing to find bugs, so the move is a pretty big deal.
The announcement almost immediately kicked off a bidding war for zero-day vulnerabilities in Apple software and hardware, with Blackhat hacker firm Exodus Intelligence announcing it will pay up to $500,000 for those very same vulnerabilities.