Intercepting iCloud Keychain

Black Hat USA 2017

Presented by: Alexandru Radocea
Date: Wednesday July 26, 2017
Time: 17:05 - 17:30
Location: Lagoon ABCGHI

iCloud Keychain employs end-to-end encryption to synchronise secrets across devices enrolled in iCloud. We discovered a critical cryptographic implementation flaw which would have allowed sophisticated attackers with privileged access to iCloud communications to man-in-the-middle iCloud Keychain Sync and gain plaintext access to iCloud Keychain secrets.

Alexandru Radocea

Alex Radocea started in Security by testing firms from an office on Wall St at Matasano. He's worked on Product Security at Apple, Crowdstrike, and most recently the Security team at Spotify.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats