• 0 Posts
  • 65 Comments
Joined 2 years ago
cake
Cake day: June 10th, 2023

help-circle







  • I’m not claiming iPhones are superior. I don’t care about dumb OS wars, just don’t put things on your phone expecting that they can’t be retrieved. That’s the only point I’m trying to make here.

    And the keys absolutely would give them access since those keys are used to sign Apple software which runs with enough privileges to access the encryption keys stored in the “Secure Enclave”. Anything you entrust to a company’s software is only as secure as the company wants to make it, and the only company to publicly resist granting that acces is Apple (so far)



  • They’re exploiting vulnerabilities and back doors not brute forcing your passcode. The only way you’re keeping them out is with hardware encryption which the iPhone has and probably why it’s the only one not vulnerable. Hardware encryption also won’t matter if your vendor shares their keys with law enforcement. As far as I’m aware, Apple is the only one that’s gone to court and successfully defended their right to refuse access to encryption keys.

    Don’t put anything incriminating on your phones.







  • underisk@lemmy.mltoLinux@lemmy.mlXZ backdoor in a nutshell
    link
    fedilink
    arrow-up
    28
    arrow-down
    1
    ·
    8 months ago

    I think ideas about prevention should be more concerned with the social engineering aspect of this attack. The code itself is certainly cleverly hidden, but any bad actor who gains the kind of access as Jia did could likely pull off something similar without duplicating their specific method or technique.