macOS Sierra’s Auto Unlock Feature Explained by Craig Federighi

Apple’s senior VP of Software Engineering Craig Federighi, has detailed the built-in security features of MacOS Sierra’s Auto Unlock during a recent episode of The Talk Show podcast by John Gruber of Daring Fireball (via BGR). When asked what security mechanisms Apple has incorporated to make the feature truly secure, Federighi explained how the feature prevents someone from being able to open up another person’s MacBook, who just so happens to be in the same room.

Macos auto unlock

For those who don’t know, the new feature allows users wearing an Apple Watch to quickly unlock their Mac and bypass the pesky password prompt altogether. Here’s how Federighi explained the security behind Auto-Unlock:

“It’s a continuation of the work we did with continuity to develop really low-power BTLE based discovery protocols so that your devices could discover each other continuously with acceptable overhead from a battery point of view. And also, all the authentication mechanisms we put in place as far as having your devices know that they’re your devices. So that’s kind of a foundation.

The unique challenge with auto-unlock is that you don’t want a kind of relay-attack, where Phil is actually well far away from his office and someone basically has a bluetooth listener that will forward a signal to you, because you’re now by his Mac, and this Mac is having a conversation with Phil’s watch over a very long distance. And so, we’re actually able to do time of flight calculations using peer-to-peer Wi-Fi where we literally can measure how long at the speed of light it’s taking for the signal to travel from your Mac to your watch and back.

And because of that, if you interposed any kind of relay, it would introduce a delay that would immediately tell us that there are hijinks afoot. So that piece is critical”.

To catch the full episode of the podcast (Ep. 159) on iTunes, click here.

“Technology runs through my veins...” | Follow me: @DrUsmanQ usman@iPhoneinCanada.ca