Intercepting iCloud Keychain

Presented at Black Hat USA 2017, July 26, 2017, 5:05 p.m. (25 minutes)

iCloud Keychain employs end-to-end encryption to synchronise secrets across devices enrolled in iCloud. We discovered a critical cryptographic implementation flaw which would have allowed sophisticated attackers with privileged access to iCloud communications to man-in-the-middle iCloud Keychain Sync and gain plaintext access to iCloud Keychain secrets.

Presenters:

• Alex Radocea - Founder, Longterm Security, Inc.
  Alex Radocea started in Security by testing firms from an office on Wall St at Matasano. He's worked on Product Security at Apple, Crowdstrike, and most recently the Security team at Spotify.

Links:

• https://www.blackhat.com/us-17/briefings/schedule/#intercepting-icloud-keychain-7405
• https://infocon.org/cons/Black Hat/Black Hat USA/Black Hat USA 2017/Intercepting iCloud Keychain.mp4
• https://infocon.org/cons/Black Hat/Black Hat USA/Black Hat USA 2017/Intercepting iCloud Keychain.en.transcribed.srt (subtitles)
• https://www.youtube.com/watch?v=sR6KeCaCRMA
• https://www.blackhat.com/docs/us-17/wednesday/us-17-Radocea-Intercepting-iCloud-Keychain.pdf

Similar Presentations:

• Objective by the Sea version 2.0 (2019) / KeySteal: A Vulnerability in Apple's Keychain
• DeepSec 2013 „Secrets, Failures, and Visions“ / Cracking And Analyzing Apple iCloud Protocols: iCloud Backups, Find My iPhone, Document Storage.
• REcon 2013 / Apple iCloud services reversed inside out