Comment by hollerith

Comment by hollerith 10 months ago

9 replies

View on Hacker News

Actually, I trust Apple's hardware security enough that I think it is probably impossible for anyone in China (even though they have physical access to the devices) to alter an iPhone or Macbook so that its own electronics can be used to trigger any explosive the attacker might install in the device, so in addition to an explosive, the attacker would need to install his own radio receiver. And the attacker probably won't be able to use the device's electronics to eavesdrop on the device's user, so no ability to tell whether the user is in the group the attacker wants to target unless again the attacker installs his own electronics (including radio transmitter) to do the eavesdropping.

talldayo 10 months ago

> it is probably impossible for anyone in China (even though they have physical access to the devices) to alter an iPhone or Macbook so that its own electronics can be used to trigger any explosive the attacker might install in the device

It would be trivial for a Mossad-level adversary to get around this. The pager explosives were disguised inside the battery, not around it. If you replaced the iPhone's 4500mAh battery with a 3500mAh one containing RDX and a 3G radio, you'd have to be mega-paranoid before you noticed the difference.

This is exactly the sort of hubris modern intelligence agencies rely on in order to exploit your misplaced trust. Apple's hardware security, much like their software security, is mostly predicated on marketing and not the transparent or accountable defense of your device.

Reply View 7 replies
  • hollerith 10 months ago

    You have not refuted the passage you quoted (which I wrote).

    Your brain substituted a similar passage that you wanted to write a refutation of.

    Reply View 2 replies
    • talldayo 10 months ago

      I didn't say they had to specifically play by your rules. There is nothing that prevents them from avoiding iPhone mainboard hardware entirely to perform this exact same exploit at-scale.

      Reply View 1 reply
      • hollerith 10 months ago

        Right, but at that point, Mossad might as well put the explosive and the electronics to receive the signal to detonate in a shoe or or a hamburger or something. The only advantage of putting them in an iPhone is people's tendency to not want to be without their iPhone even when sleeping and keeping it very close to the body.

        Reply View 0 replies
  • acdha 10 months ago

    > If you replaced the iPhone's 4500mAh battery with a 3500mAh one containing RDX and a 3G radio, you'd have to be mega-paranoid before you noticed the difference.

    There’s a 0% chance Apple wouldn’t detect that. A huge difference in battery life like that would fail QC and even the weight would have to be very close before it wouldn’t be flagged for inspection. The liability for battery fires means so dude at the factory isn’t just saying “probably fine” and using them anyway.

    > Apple's hardware security, much like their software security, is mostly predicated on marketing and not the transparent or accountable defense of your device.

    Have you personally audited it, or are we just being asked to accept this because it would support your tribal affinities?

    Reply View 2 replies
    • talldayo 10 months ago

      > There’s a 0% chance Apple wouldn’t detect that.

      They don't have to. This could be an entirely aftermarket addition, feasibly even with functional battery DRM. I (and probably nobody here) expect Apple to be putting RDX in every iPhone, but it's entirely feasible for a targeted attack.

      > are we just being asked to accept this because it would support your tribal affinities?

      You are being asked to accept this because the Mossad and Israeli tech industry are the foremost exporters of iPhone hardware and software exploits. We've already seen how Apple vs. the Israeli state goes, and it apparently ends with Israel selling hardware exploits to American law enforcement: https://en.wikipedia.org/wiki/Cellebrite

      Reply View 1 reply
      • acdha 10 months ago

        Now you’re talking a much more expensive operation since you need to have a substantial amount of skilled labor, tools, and parts, and also convince people that it’s okay that their phones are warning them that they don’t have a genuine battery and only 75% capacity. That seems unlikely to make for a successful mass attack with so many easier options available.

        > We've already seen how Apple vs. the Israeli state goes, and it apparently ends with Israel selling hardware exploits to American law enforcement

        Well, that used to be true but it’s not anymore:

        https://www.404media.co/leaked-docs-show-what-phones-cellebr...

        Reply View 0 replies
  • [removed] 10 months ago
    [deleted]
    Reply View 0 replies
LincolnedList 10 months ago

An Iphone should weigh X grams. I think you should be able to detect tampering by weighing it.

I don't whats the margin of error/variance that passes quality control.

Reply View 0 replies