PAC-MAn and Ghosts: A practice and breakthrough on Pointer Authentication in iOS - Xiaolong Bai and Min (Spark) Zheng, Alibaba Inc.
Pointer Authentication is the newest security defense in iOS, which is a hardware feature protecting pointers with cryptographic signatures. In this talk, I will explain how Pointer Authentication protects iOS system with a hands-on practice. Then, most importantly, I will show an astonishing finding in Pointer Authentication's implementation on iOS: there is a fatal flaw in the key management on iOS. Such a flaw would allow an attacker to break through Pointer Authentication protection and compromise privileged system components. This will be the first public talk about practice on Pointer Authentication, and the first to show its weaknesses.