Need an account to vote? Register to attend at gsec.hitb.org/sg2018/
Deadline is 30th June 2018!

Is The Pen Mightier Than The Sword? A First Look Into The Security of The Apple Pencil and the Apple SmartKeyboard

Stefan Esser

Have you left your iPad unattended in a hotel room? Or perhaps you have seen an unattended iPad in a location like a coffee shop? All it takes is a brief moment of negligence for a third party to access them, and guess what, MILLIONS of people leave their iPads unattended every day.

iOS security features such as the passcode lock are typically sufficient to protect the data on the device from being retrieved or manipulated. However, next to nothing is known about the security risk of the accessories often sold alongside the iPad (Apple Pencil, Apple SmartKeyboard). Can these connected accessories be manipulated to record your actions on the iPad, capture keystrokes, or launch attacks against the device itself?

In this session we will:

- Show how both devices house embedded ARM CPUs and run firmware that can be upgraded from the iPad
- Describe the firmware update process and discuss its security
- Demonstrate how we got started reversing the firmware and evaluating the attack surface of these accessories
- Evaluate the security of the Apple Pencil and Apple SmartKeyboard and try to answer the questions above


Stefan Esser is best known in the security community as the PHP security guy. Since he became a PHP core developer in 2002, he has devoted a lot of time to PHP and PHP application vulnerability research. However, in his early days he released lots of advisories about vulnerabilities in software like CVS, Samba, OpenBSD or Internet Explorer. In 2003 he was the first to boot Linux directly from the hard disk of an unmodified XBOX through a buffer overflow in the XBOX font loader. In 2004 he founded the Hardened-PHP Project to develop a more secure version of PHP, known as Hardened-PHP, which evolved into the Suhosin PHP Security System in 2006. Since 2007 he has worked as head of research and development for the German security company SektionEins GmbH, which he co-founded. In 2010 he did his own ASLR implementation for Apple’s iOS and shifted his focus to the security of the iOS kernel and iPhones in general. Since then he has spoken about the topic of iOS security at various information security conferences around the globe. In 2012 he co-authored the book iOS Hacker's Handbook.