• HeartyBeast@kbin.social
    link
    fedilink
    arrow-up
    6
    arrow-down
    3
    ·
    8 months ago

    Apple are much much smarter than me, so I’m sure have mitigated against this, but this feels like a securirty nightmare waiting to happen:

    Bad guy gets hold of the technology, works out an exploit to send unofficial update and then “patches” a containership full of iPhones.

        • B0rax@feddit.de
          link
          fedilink
          arrow-up
          6
          ·
          8 months ago

          It’s basically the same as updating the iPhone over usb. There has not been a chance to have the iPhone run a modified iOS update in over 10 years now iirc.

          It is not like people have not tried.

        • FooBarrington@lemmy.world
          link
          fedilink
          arrow-up
          2
          ·
          8 months ago

          Why would they attempt to go through unsold iPhones? They can simply force Apple to push updates to all existing iPhones.

          • HeartyBeast@kbin.social
            link
            fedilink
            arrow-up
            1
            arrow-down
            4
            ·
            8 months ago

            If I’m (say) the UK intelligence service and I want to spy on (rolls dice) a group of people in Switzerland- it much easier for me to intercept their packages and patch them in transit then having to talk to Apple.

            • FooBarrington@lemmy.world
              link
              fedilink
              arrow-up
              1
              ·
              8 months ago

              I disagree. If the packages aren’t routed through UK, you’d have to work with other countries secret service, distribution companies, and you have much more legal troubles to consider.

              • HeartyBeast@kbin.social
                link
                fedilink
                arrow-up
                1
                arrow-down
                2
                ·
                8 months ago

                Because clearly a secret service of one country could never infiltrate FedEx’s distribution depot in another.

                • FooBarrington@lemmy.world
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  8 months ago

                  Because the secret service of one country acting in another country where they don’t have jurisdiction is an international political crisis that could lead to war. Don’t play dumb.

                  One means a country forcing a company acting inside that country to do something. The other means one country having to ask another country to be allowed to force a company acting inside the other country to do something. See where one is much easier?

                  • HeartyBeast@kbin.social
                    link
                    fedilink
                    arrow-up
                    1
                    arrow-down
                    2
                    ·
                    edit-2
                    8 months ago

                    Don’t play dumb.

                    The irony is strong in this one. But if you really want to believe that intelligent agencies don’t work covertly overseas, I’ll leave you to it.

      • stoy
        link
        fedilink
        arrow-up
        4
        arrow-down
        4
        ·
        8 months ago

        I like iPhones, but this is just reckless, it is only a matter of time untill an exploit is found to bypass the certificate check.

        For the time being the system is secure, but claiming 100% security based on a certificate checking routine is just dumb.

        Look at the PS3, for years it was thought to be unhackable, then exploits were found to bypass the security.

        Now, obviously this is unlikely to happen at stores selling new devices as the access to them will be limited, but you can’t just claim absolute security.

        Will this feature be turned off when the phone is activated? What if it is forgotten about, or deemed unneeded? I could absolutely see a bad guy setting up a system to trigger the update mode, which probably will have lower security since Apple will only expect the devices to activate the system in a store.

        What could the bad guy do with the phone in that mode? Probably quite a bit more than the user wants.

        • B0rax@feddit.de
          link
          fedilink
          arrow-up
          2
          ·
          8 months ago

          Good that you pointed that out, I am sure Apple has not thought about that obvious threat vector. /s

          • stoy
            link
            fedilink
            arrow-up
            1
            arrow-down
            1
            ·
            8 months ago

            I am sure they have, as an IT guy I just dislike broad statements about how security is not an issue because of X.

            • B0rax@feddit.de
              link
              fedilink
              arrow-up
              2
              arrow-down
              1
              ·
              8 months ago

              Says you, who made a broad statement how this is reckless without knowing more details about it.

              • stoy
                link
                fedilink
                arrow-up
                1
                arrow-down
                1
                ·
                8 months ago

                Simply stating an oppinion based on a decade of experience.