Put on your black hat —

Head of iOS security to speak at Black Hat for the first time

Researcher Charlie Miller isn't sure the talk will offer much new info, though.

Apple Platform Security Manager Dallas De Atley is scheduled to present a talk at the annual Black Hat security conference on July 26. The talk, which will focus on "key security technologies in iOS," is the first official appearance by Apple since the conference's inception 15 years ago, and may be yet another sign that Apple is taking security more seriously than it has in the past.

Smartphone users are increasingly relying on their devices as a mobile repository of personal information, so securing that information is becoming a mainstream concern. For instance, iOS 6 will offer new features such as Passbook, which links a variety of user accounts from places like airlines and movie theaters in order to offer instant access to coupons, boarding passes, and other customer information. This information could potentially be used by hackers in addition to existing information like contacts, calendar items, e-mails, and other potentially sensitive data that is already stored on our phones.

While Apple has implied for years that its platforms were impervious to hackers and malware, recent events have revealed chinks in the armor.

For instance, security researcher Charlie Miller last year revealed a major flaw in iOS's security system meant to keep applications from executing code from writeable areas of memory. Goading an application to execute new instructions by overwriting otherwise protected memory areas is a common way hackers break into systems. Miller further embarrassed Apple by getting an app that demonstrated the flaw past its App Store review process, earning the researcher a one-year ban from the iOS developer program.

Additionally, the first verified iOS malware app, a trojan dubbed "Find and Call," was discovered by researchers earlier this month. The app tricked users into uploading their entire contact list to a server, which then spammed all uploaded contacts with SMS messages that appeared to come directly from the user.

The appearance at Black Hat is seen by some as a tacit admission that Apple needs to engage the security and hacker communities more directly. "Bottom line—no one at Apple speaks without marketing approval," Black Hat General Manager Trey Ford told Bloomberg. "Apple will be at Black Hat 2012, and marketing is on board."

But the planned discussion may not be very useful, according to Miller. "Maybe I'm wrong, but I think the community already understands everything about iOS security," he told Ars. "I'd rather hear about stuff we don't know about, like the app review process, internal security testing Apple performs, and how they deal with researchers."

Apple did not respond to our requests for more information about the planned talk.

Black Hat USA 2012 is currently in progress in Las Vegas. The scheduled briefings, including De Atley's iOS presentation, take place Wednesday and Thursday.
