undefined | Better HN

0 pointschongli2y ago0 comments

One straightforward idea: Once the phone is unlocked (e.g. by pin code) allow the user to authorize the new hardware.

I don't think most users are capable of auditing their generic hardware to be sure it is free of backdoors.

0 comments

Y_Y2y ago

It's sad that that's not up to the user. maybe paternalistic comprising is what Apple's customers really want, but I'm convinced it's bad for the user and bad for society in the long run.

chongliOP2y ago

I think it's a natural consequence of miniaturization and other technology advancements. With today's technology you can hide a hardware backdoor inside a counterfeit version of a chip and the only way it could be detected would be to de-cap the chip and examine it under an electron microscope.

kaba02y ago

Hard disagree — there are plenty of things where human brains will take a shortcut no matter how smart the individual is. Security is especially a category where humans will fault, no matter what.

Y_Y2y ago

It's not clear to me how your statement disagrees with mine.

okennedy2y ago

I'm not convinced that they need to. What threat model are you considering? In this case, the privilege that the user is granting the new hardware is the authority to unlock the phone.

Since the phone has to already be unlocked for this privilege to be granted, it can't be used to bypass authentication.

The hardware is already installed by this point, so if it's 'spying' it can do that. The user's choice has no impact on the hardware's ability to record and/or deliver information.

At best, the replacement hardware would be able to unlock the phone for the attacker at some later time. However, the cost of getting this customized unlocking device into the phone seems high given that the attacker needs physical access to the device to embed the hardware in the first place, and then again at a later time to get into the device.

j / k navigate · click thread line to collapse

0 comments

Y_Y2y ago

It's sad that that's not up to the user. maybe paternalistic comprising is what Apple's customers really want, but I'm convinced it's bad for the user and bad for society in the long run.

chongliOP2y ago

kaba02y ago

Y_Y2y ago

It's not clear to me how your statement disagrees with mine.

okennedy2y ago

I'm not convinced that they need to. What threat model are you considering? In this case, the privilege that the user is granting the new hardware is the authority to unlock the phone.

Since the phone has to already be unlocked for this privilege to be granted, it can't be used to bypass authentication.

The hardware is already installed by this point, so if it's 'spying' it can do that. The user's choice has no impact on the hardware's ability to record and/or deliver information.

j / k navigate · click thread line to collapse