NOWSECURE CONNECT 2022 CONFERENCE - REGISTER TODAY!

NowSecure Connect — THE mobile AppSec + AppDev community online event — returns with new content and the latest training. Join the world’s brightest innovators, practitioners, community leaders, and industry influencers LIVE online for in-depth training, discussions, strategy sessions, CTF and more. Gain access to keynotes, exclusive breakouts, expert panels, on-demand sessions, plus an interactive peer-to-peer community. #NSConnect22 is your source for cutting-edge mobile AppDev, mobile AppSec and mobile DevSecOps insight. Register your crew today!

NOWSECURE CONNECT 2022 CONFERENCE - REGISTER TODAY! NOWSECURE CONNECT 2022 CONFERENCE - REGISTER TODAY! Show More
magnifying glass icon
Andrey Belenko

Andrey Belenko

Former Senior Security Engineer at NowSecure

Andrey has developed successful digital forensics products, published cutting-edge research, secured multiple U.S. patents, and spoken at more than 40 security events (including at BlackHat on four continents).

iCloud Keychain and iOS 7 Data Protection – Passwords 13

When Apple announced iOS 7, iCloud Keychain was one of its key features. It is no doubt great for usability, but what about security? What kind of access does Apple have to your passwords stored in the iCloud?

These are the questions that viaForensics researcher Andrey Belenko (@abelenko) set out to answer in his presentation “iCloud Keychain and iOS 7 Data Protection.” The presentation was given at Passwords 13 on December 2, 2013. Slides are below.

To keep up with everything NowSecure follow us on twitter @NowSecureMobile

Abstract

When Apple announced iOS 7, iCloud Keychain was one of its key features. It is no doubt great for usability, but what about security? What kind of access does Apple have to your passwords stored in the iCloud? This talk will address this and other questions.

The talk is focused on protection of user data. We will review iOS Data Protection and changes that iOS 7 brought to it. We will see what is new and where is Apple going with this. We will explore in great detail the inner workings of the new iCloud service „ ‘escrowproxy’„ which is the essence of the iCloud Keychain. Other iCloud services, such as iCloud Backup, will receive some attention, too.

Main giveaway of the talk is the in-depth analysis of the new iCloud Keychain feature. You will learn how, when, and where things are encrypted, and what it takes to decrypt them.

This talk is about iOS, but it’s not about exploitation or malware. It is, in fact, mostly about the use of cryptography to protect user data. But fear not, there will be no scary mathematical formulas involved.