-
Encrypting for Apple's Secure Enclave
May 31, 2018 - 2200 Words |
How to properly encrypt ECIES-format messages to be decrypted by the iOS and macOS Secure Enclave system
-
iPhone Secure Enclave Firmware Key Found
Aug 17, 2017 - 1700 Words |
The key to decrypt the firmware for the Secure Enclave Processor (SEP) on the iPhone 5S has been disclosed. It's actually potentially a good thing.
-
BSidesROC - A (not so quick) Primer on iOS Encryption
Apr 23, 2016 - 100 Words |
Slides from my BSidesROC talk, April 23, 2016. An overview of how iOS encryption works, with emphasis on passcodes and potential attacks.
-
Put away the tin-foil: The Apple unlock case is complicated enough
Feb 19, 2016 - 2100 Words |
A high-level summary of what we know, what we think we know, and what we know we don't know, as well as some words of caution.
-
Mobile App Authentication using TouchID and Tidas
Feb 10, 2016 - 1000 Words |
A first, rough look at a new mobile app authentication service from Trail of Bits
-
ShmooCon - Knock Knock: A Survey of iOS Authentication Methods
Jan 23, 2015 - 1700 Words |
Slides from my ShmooCon talk. A short review of multiple iOS apps and how they handle server authentication, looking at both network use and on-device storage of credentials.
-
Bypassing the lockout delay on iOS devices
Nov 18, 2014 - 700 Words |
A bug in iOS (fixed in 8.1.1) allows a well-timed reboot to bypass the forced lockout timeout, allowing for multiple PIN attempts.
-
iPhone SMS forwarding -- cool, but may be risky
Oct 24, 2014 - 700 Words |
If you've enabled SMS forwarding on your iPhone, you might want to ensure that messages don't get displayed on your Mac when it's locked.
-
Rebutting FUD and privacy issues surrounding Yosemite Spotlight
Oct 21, 2014 - 300 Words |
A response from Apple downplays security concerns raised over how Spotlight search works on Yosemite.
-
NoVA Hackers - iOS Cryptography Slides
Oct 14, 2014 - 700 Words |
Slides from a quick NoVA Hackers talk I pulled together based on recent blog posts about Apple iOS encryption and privacy changes.
-
Even more posts about iOS encryption
Oct 8, 2014 - 700 Words |
The "Apple can't decrypt devices for law enforcement" conversation continues to spawn excellent posts and explanations.
-
A (not so) quick primer on iOS encryption
Oct 6, 2014 - 3900 Words |
Making sense of how iOS encryption works, especially what's changed in iOS 8 and how Apple made it harder for law enforcement, can be difficult. I'll try to help.
-
Beacons being deployed in NYC phone booths
Oct 6, 2014 - 300 Words |
Advertising companies are placing Bluetooth beacons in New York City phone booths. Forbes explains this isn't quite as scary as many think.
-
Early look at iOS 8 configuration profile changes
Jun 18, 2014 - 200 Words |
A quick overview of changes to iOS configuration profile settings in the current iOS 8 beta.
-
iOS Malware - Still FUDish, not quite a Real Problem (yet)
Jun 10, 2014 - 800 Words |
A consolidated list of known malware for iOS. Depending on your definition of malware.
-
Apple ID Compromise and Device Lockout
May 27, 2014 - 400 Words |
Recent reports of users getting locked out of their iOS devices, probably due to compromise of their Apple ID password.
-
Sanitize your outputs: Apple ID Password Logfile Disclosure
Mar 10, 2014 - 1500 Words |
-
CVE-2014-1279 - Password Disclosure via Apple TV Touch Setup
Mar 10, 2014 - 1400 Words |
-
More Fun with Apple TV Hacking (and Manual RSA Signature Validation)
Feb 21, 2014 - 1800 Words |
-
Apple TV Hacking, Counterattacks, and Certificate Pinning
Feb 11, 2014 - 1000 Words |
-
iOS 7 and Mavericks: New feature roundup from a security perspective
Jun 11, 2013 - 1300 Words |
-
Apple, Forensics, Law Enforcement, and FUD
May 13, 2013 - 1400 Words |
-
iSniff your Wi-Fi and GPS your House
May 10, 2013 - 1300 Words |
-
iOS Configuration Profile Ransomware
Apr 11, 2013 - 600 Words |
-
Evading evasi0n: iOS 6 Jailbreak Prevention
Feb 5, 2013 - 600 Words |
-
Tracking Down the UDID Breach Source
Sep 10, 2012 - 1500 Words |
-
What the flagnog? The Apple / FBI UDID breach, simplified.
Sep 5, 2012 - 1200 Words |
-
Apple's iOS Security Overview
Jun 20, 2012 - 600 Words |
-
Apple Using Unsalted Hashes Too?
Jun 7, 2012 - 600 Words |
-
Quick Look at Apple Configurator
Mar 9, 2012 - 800 Words |
-
iOS MDM: Preventing Disassociation DOS and Potemkin Devices
Feb 22, 2012 - 600 Words |
-
Changes to Apple MDM for iOS 5.x
Jan 31, 2012 - 300 Words |
-
ShmooCon 2012 - Apple MDM Slides
Jan 28, 2012 - 100 Words |
-
iOS MDM Command Reference
Jan 26, 2012 - 100 Words |
-
Strengths and Weaknesses in Apple's MDM System
Aug 5, 2011 - 1400 Words |
-
BlackHat 2011 - Apple MDM Paper
Aug 4, 2011 - 100 Words |
-
BlackHat 2011 - Apple MDM Slides
Aug 4, 2011 - 100 Words |
-
Inside Apple's MDM Black Box -- Black Hat USA 2011
Jul 28, 2011 - 500 Words |
-
Great Googly Moogly! I'm speaking at Black Hat!
Jul 28, 2011 - 800 Words |
-
Analysis of iOS Location Data from Multiple Devices
Apr 25, 2011 - 2100 Words |
-
Is the iOS 4 location tracking privacy issue overblown?
Apr 20, 2011 - 600 Words |
-
VeriFone vs Square - A Draw?
Mar 9, 2011 - 600 Words |
-
Simple Bypass of Safari Restrictions on iOS
Feb 15, 2011 - 600 Words |
-
Bypassing MDM Restrictions for Mobile Safari on iOS 4.2
Feb 15, 2011 - 700 Words |
-
Memory Pressure, Capacity Limits, and Ubiquitous Computing
Jun 2, 2014 - 900 Words |
Last year, Apple introduced advanced power saving techniques. Can they do the same for memory? There’s never enough to smoothly switch between apps. If they can fix that, a world of opportunities opens.
-
iOS Backups are Still Broken
May 19, 2014 - 500 Words |
Backing up iOS devices to iCloud is still opaque and unreliable. And iTunes Wi-Fi backups just don't work at all.
-
Apple ID Madness
May 4, 2014 - 1100 Words |
How we set up multiple personal iCloud accounts for the family, and a couple of shared accounts for parents and kids.
-
Crazy idea for multi-user iPads
Feb 25, 2011 - 700 Words |