undefined | Better HN

0 pointsLeherenn5y ago0 comments

What makes it less of an issue for black hats? Do they have access to symbols/source code that security researchers do not/are not willing to use?

I certainly understand the frustration for legitimate researchers, and there's plenty to be said about having the source code available to make auditing easier but in itself it seems that making a black hat take 6 months instead of 1 to create an exploit raise the skill/patience level needed and busy them for while where they are not working on the next exploit.

0 comments

2 comments · 1 top-level

saagarjha5y ago· 1 in thread

Yes: black hats have much more incentive and generally larger, more focused teams to find these bugs, and they aren't concerned with the issues of buying stolen devices and source code on the black market. (If you're curious, search for "dev-fused iPhone" and "iBoot source code". The Project Zero team works from about the worst situation possible, choosing to even forgo using services like Corellium.)

LeherennOP5y ago

Thanks for the detailed explanation!

j / k navigate · click thread line to collapse