Slide 1
Slide 1
Slide 1
Slide 1
Slide 1
Slide 1
Slide 1

ONLINE REGISTRATION CLOSES OCT 13TH AT 23:59 MYT

           

Walk in registrations at The InterContinental for the conference on 16th and 17th are still accepted (walk-in rate MYR1499).

For up-to-the-minute updates on #HITB2013KUL including on-site happenings during the event, please follow @hitbsecconf on Twitter.

CYRIL ‘@POD2G’ CATTIAUX & GG (Security Researchers, QuarksLab)

PRESENTATION TITLE: How Apple Can Read Your iMessages and How You Can Prevent It

PRESENTATION ABSTRACT:

Apple’s Commitment to Customer Privacy is available online since the brand appeared in the PRISM affair. At least, one sentence is very questionable: “For example, conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them. Apple cannot decrypt that data.”

Is it true? No. Can Apple read your iMessages? YES. Do they do it? Unfortunately, we can not answer.

Quarkslab team studied iMessage protocol for quite some time. We will explain the protocol layers, with Push then iMessage itself. With this understanding, we will be able to try to build a MITM attack toward iMessage. We will explain the mandatory conditions for the MITM to succeed. We will take you deep into the crypto used for encryption, authentication and key management. All pieces put together will prove that Apple can technically read your iMessages whenever they want.

Last but not least, we will release a tool for jailbroken devices preventing such MITM attacks.

ABOUT CYRIL ‘@POD2G’ CATTIAUX

Cyril (@pod2g) is a security researcher working for QuarksLab who has discovered and exploited several bootrom exploits on iDevices, including 24kpwn, steaks4uce, and SHAtter, as well as several userland and kernel exploits that have been used in various jailbreak tools. He is the initiator of Corona and Rocky-Racoon, the latests public jailbreaks for iOS. In December 2012, he created the 2G Lab company, focused on software development and security research projects.

ABOUT GG

gg is a security researcher working at Quarkslab since the beginning. He enjoys reverse engineering, math and looking under the hood at algorithms to understand how to tweak them.

EVENT ORGANIZER

SUPPORTED AND ENDORSED BY

TITANIUM SPONSOR (SPEAKERS RECEPTION + POST CONFERENCE RECEPTION)

GOLD SPONSORS

SILVER SPONSORS

CTF SPONSOR

CTF PRIZE SPONSOR

INTERNET CONNECTIVITY PARTNER

ALCO_PWN SPONSOR (POST CONFERENCE RECEPTION)

HackWEEKDAY Official Ride Partner

SUPPORTING MEDIA

FRIENDS OF HITB

Copyright © 2013 Hack In The Box | http://www.hackinthebox.org