Comment by kart23
Comment by kart23 3 days ago
someone in the US government is probably freaking out about all these iphones and macbooks made in china right now.
Comment by kart23 3 days ago
someone in the US government is probably freaking out about all these iphones and macbooks made in china right now.
An Iphone should weigh X grams. I think you should be able to detect tampering by weighing it.
I don't whats the margin of error/variance that passes quality control.
> it is probably impossible for anyone in China (even though they have physical access to the devices) to alter an iPhone or Macbook so that its own electronics can be used to trigger any explosive the attacker might install in the device
It would be trivial for a Mossad-level adversary to get around this. The pager explosives were disguised inside the battery, not around it. If you replaced the iPhone's 4500mAh battery with a 3500mAh one containing RDX and a 3G radio, you'd have to be mega-paranoid before you noticed the difference.
This is exactly the sort of hubris modern intelligence agencies rely on in order to exploit your misplaced trust. Apple's hardware security, much like their software security, is mostly predicated on marketing and not the transparent or accountable defense of your device.
Right, but at that point, Mossad might as well put the explosive and the electronics to receive the signal to detonate in a shoe or or a hamburger or something. The only advantage of putting them in an iPhone is people's tendency to not want to be without their iPhone even when sleeping and keeping it very close to the body.
> If you replaced the iPhone's 4500mAh battery with a 3500mAh one containing RDX and a 3G radio, you'd have to be mega-paranoid before you noticed the difference.
There’s a 0% chance Apple wouldn’t detect that. A huge difference in battery life like that would fail QC and even the weight would have to be very close before it wouldn’t be flagged for inspection. The liability for battery fires means so dude at the factory isn’t just saying “probably fine” and using them anyway.
> Apple's hardware security, much like their software security, is mostly predicated on marketing and not the transparent or accountable defense of your device.
Have you personally audited it, or are we just being asked to accept this because it would support your tribal affinities?
> There’s a 0% chance Apple wouldn’t detect that.
They don't have to. This could be an entirely aftermarket addition, feasibly even with functional battery DRM. I (and probably nobody here) expect Apple to be putting RDX in every iPhone, but it's entirely feasible for a targeted attack.
> are we just being asked to accept this because it would support your tribal affinities?
You are being asked to accept this because the Mossad and Israeli tech industry are the foremost exporters of iPhone hardware and software exploits. We've already seen how Apple vs. the Israeli state goes, and it apparently ends with Israel selling hardware exploits to American law enforcement: https://en.wikipedia.org/wiki/Cellebrite
Now you’re talking a much more expensive operation since you need to have a substantial amount of skilled labor, tools, and parts, and also convince people that it’s okay that their phones are warning them that they don’t have a genuine battery and only 75% capacity. That seems unlikely to make for a successful mass attack with so many easier options available.
> We've already seen how Apple vs. the Israeli state goes, and it apparently ends with Israel selling hardware exploits to American law enforcement
Well, that used to be true but it’s not anymore:
https://www.404media.co/leaked-docs-show-what-phones-cellebr...
Evocative of the "power user" scene from Iron Sky[0]
This is a little over-the-top, but I do agree that the clinical way some are handling this understates the horror of what's happening. These people were at home or running errands or at work, not pointing a gun at anyone at that particular moment.
With fairness though, this is exactly the risk we run as an importer-state of electronics that cannot secure our own supply chains. We've been dealing with the digital risk of backdoored electronics for the better half of a decade; physical risks were only a matter of time.
There exists meaningful mitigation (eg. inspect imported electronics at random) but ultimately this risk is our just-deserts as Americans. If our smartphone and car manufacturers didn't take their jobs to other countries, then we'd be able to sleep a whole lot easier. Turns out, there is a bipartisan interest in making America hostile to manufacturing jobs.
Actually, I trust Apple's hardware security enough that I think it is probably impossible for anyone in China (even though they have physical access to the devices) to alter an iPhone or Macbook so that its own electronics can be used to trigger any explosive the attacker might install in the device, so in addition to an explosive, the attacker would need to install his own radio receiver. And the attacker probably won't be able to use the device's electronics to eavesdrop on the device's user, so no ability to tell whether the user is in the group the attacker wants to target unless again the attacker installs his own electronics (including radio transmitter) to do the eavesdropping.