A Bluetooth vulnerability was released this week for devices using up to version 5.1 of the Bluetooth specification, allowing an attacker to influence the key length of the encryption key needed to set up a secure connection between two devices. According to the Bluetooth SIG (Special Interest Group), an attacker can attempt to perform this attack if two vulnerable devices are wit
If you have ever gathered connection metrics using URLSessionTaskTransactionMetrics then you may have noticed that this year Apple has now exposed a few TLS properties to the public API. The first is negotiatedTLSCipherSuite and the next negotiatedTLSCipherSuite. The reason this is interesting is that these values seem to have been around since iOS 7, but now are being released in the Security framework in the new iOS 13 beta. These properties will be very useful for connection diagnostics
Today, after reviewing the public disclosure from Jonathan Leitschuh on Medium about the Zoom webcam exploit, I decided to take a look at my local copy of macOS 10.15 and detail my tests for anyone wanting to test this on their machine or prevent this from happening to them too. This exploit is covered in full detail at
On December 6th, 2018 iOS 12.1.1 came out and now requires that all publicly-trusted Transport Layer Security (TLS) server authentication certificates issued after October 15th, 2018 meet the Certificate Transparency policy to be trusted on Apple's platforms. This will mean that all certificates used in iOS applications will need to include
As a long-time mobile and server-side engineer I have been involved in many different types of projects over the years. Some small, and some large, but all with one recurring trend: the mobile clients need to consume data from a server to perform a task. Sometimes this data being consumed is small, and other times the application needs to continuously poll or be notified of new data to keep the application up to date in real time.
On September 11th, 2018 the OpenSSL team released a Long Term Support (LTS) version (1.1.1) of OpenSSL which will be supported by the community and the core team for the next five years. This LTS release includes many new features such as TLS 1.3, ABI version compatibility, new cryptography algorithms, and an overhaul in many areas to the random number generators included in OpenSSL.
Python just received a minor version update to Python 3.7 with many new performance enhancements, added features, and module improvements to the language. One of the existing Python modules in 3.7 that received some nice new enhancements is the ssl module.
In the last couple of months I have found myself in situations where I have needed to diagnose transport security issues from the context of an iOS application. This can often be difficult from the client-side perspective, as you may not know anything about the minimum TLS version, preferred cipher suite, or the certificate in use on the server. Often, the best move you have, if you do not have a direct line to the server-side team, is to test different settings to diagnose what works and what does not.
One of my favorite sessions I attended at WWDC this year was entitled "Your Apps and Evolving Network Security Standards." I highly encourage anyone to watch the video who has not already. It was a session covering all of the latest network security enhancements that Apple is supporting across their platforms.