undefined | Better HN

0 pointsrelaxing2mo ago0 comments

Then an attacker could load an older, exploitable OS and gain access.

0 comments

12 comments · 4 top-level

gambiting2mo ago· 4 in thread

Weirdly I care more about my rights as the owner of the device than the rights of a theoretical attacker.

I’m all for a system that allows you to wipe the device to do a downgrade or upgrade (just like any PC with an unset bios password allows) but the idea that it’s a good design for someone without my OS password to be able to downgrade my OS or perform any operation on my OS is insane.

What’s even the point of setting a password if anyone can manipulate the system without entering it in?

The entire iPhone OS is on an encrypted volume and that is the right design choice. Not having the password means no access.

There is no general purpose encrypted volume operating system that allows unauthenticated users to perform OS manipulation. If you encrypt your FreeBSD, Linux, or Windows volume, the result is the same: no password, no access.

Your choice is to enter the correct password or wipe the disk.

The fact that Apple doesn’t allow you to set up a system without full disk encryption is not a user freedom issue, it’s a very sensible design choice especially for a device sold primarily to non-technical consumers who don’t understand the security implications of leaving the volume unencrypted.

The issue here isn’t that iOS security is designed wrong, the issue is that Apple broke basic password entry with an update.

Shame on Apple for having such lazy software development practices when it comes to implementing updates like this.

gambiting2mo ago

Yeah I agree that a downgrade that always results in a full wipe is a good compromise.

PierceJoy2mo ago

So don’t buy an iPhone if you don’t care about the security of your device and personal information. That would introduce a massive security hole that would negatively affect far more users than it would help.

somenameforme2mo ago

I doubt that. The group of people you're talking about are those who have their phone maliciously stolen by people who are actively working to hack/exploit their way into the devices and then actively exploit the information stored on them. That is a utterly negligible percent of users, or even of users who have their phone stolen. The overwhelming majority of thieves of intent move the devices onto professional orgs that wipe them, jailbreak them, package them, and then ship them on to other entities that resell them.

The percent that might want to choose a different-than-latest version of OS would also of course be quite small, but I suspect it would be orders of magnitude larger than the other group we're speaking of just because that group of people is going to be so absurdly tiny.

1 more reply

LocalH2mo ago· 3 in thread

Not allowing downgrades is the biggest contributor to smartphones becoming e-waste.

Apple should be forced to do this by law, but only after they discontinue software support. If they're willing to continue making small, incremental patches when necessary (such as to fix this obvious bug) then it's fine that they can still block downgrades. But at EOL? They should be legally required to allow old software to be installed.

This also impacts software compatibility - any 64-bit device that is now EOL that got updated to iOS 11 or newer is forever barred from running 32-bit apps just because people are worried that someone might take that old device and downgrade it as an attack?

The average person should always stay updated to the latest version for security reasons. But the power users should be able to choose which version they run, at least on devices that aren't currently supported at all.

Daily reminder that the first two iPhones and the first iPod touch had zero firmware signing, and you could freely install any supported version at any time, and can still do so today. That being the case has probably harmed 0.00001% of people at most

ua7092mo ago

> Not allowing downgrades is the biggest contributor to smartphones becoming e-waste.

Citation needed. My guess is the biggest contributor to smartphones becoming e-waste is gravity.

BigGreenJorts2mo ago

I have heard many replace their phones due to dropping them and becoming unusable. But everyone uses a case now and the build quality is generally better that one mishap does trash the phone. Most people I know getting new phones now did so bc their old phone "got too slow to be usable." I believe that's a matter of new OS versions really are much heavier. Both my last 2 phones I had upgraded bc I went one version too far and had a nearly bricked phone.

LocalH2mo ago

Any phone that gets more support than it should have, such that the only OS you can install is too slow to make using the device enjoyable, makes it more likely for the device owner to throw that device out, and then it becomes e-waste.

It also harms software preservation. Sure, we have IPSWs for every single public build of iOS that exists (and if you dig around, probably a ton of betas and even internal builds). But you can't really do anything with any of them once you get to the point in the iOS product line where things were sufficiently hardened

abcd_f2mo ago· 1 in thread

It should be then a switch in the settings.

kube-system2mo ago

What should we label it? “Waste time entering alphanumeric password that provides no security benefit”?

The particular use case you’re asking for here has no logical reason for existing

4nonverbal-alit2mo ago

This is not an excuse to let people choose if they allow os downgrades or not. Like bootloader unlock option on android devices.

Also people find exploits on newer OS versions as well. Downgrading makes it easier but not downgrading doesn’t make the device unhackable.

j / k navigate · click thread line to collapse