Comment by talldayo

Comment by talldayo a day ago

7 replies

View on Hacker News

> it is probably impossible for anyone in China (even though they have physical access to the devices) to alter an iPhone or Macbook so that its own electronics can be used to trigger any explosive the attacker might install in the device

It would be trivial for a Mossad-level adversary to get around this. The pager explosives were disguised inside the battery, not around it. If you replaced the iPhone's 4500mAh battery with a 3500mAh one containing RDX and a 3G radio, you'd have to be mega-paranoid before you noticed the difference.

This is exactly the sort of hubris modern intelligence agencies rely on in order to exploit your misplaced trust. Apple's hardware security, much like their software security, is mostly predicated on marketing and not the transparent or accountable defense of your device.

hollerith a day ago

You have not refuted the passage you quoted (which I wrote).

Your brain substituted a similar passage that you wanted to write a refutation of.

Reply View 2 replies
  • talldayo a day ago

    I didn't say they had to specifically play by your rules. There is nothing that prevents them from avoiding iPhone mainboard hardware entirely to perform this exact same exploit at-scale.

    Reply View 1 reply
    • hollerith a day ago

      Right, but at that point, Mossad might as well put the explosive and the electronics to receive the signal to detonate in a shoe or or a hamburger or something. The only advantage of putting them in an iPhone is people's tendency to not want to be without their iPhone even when sleeping and keeping it very close to the body.

      Reply View 0 replies
acdha a day ago

> If you replaced the iPhone's 4500mAh battery with a 3500mAh one containing RDX and a 3G radio, you'd have to be mega-paranoid before you noticed the difference.

There’s a 0% chance Apple wouldn’t detect that. A huge difference in battery life like that would fail QC and even the weight would have to be very close before it wouldn’t be flagged for inspection. The liability for battery fires means so dude at the factory isn’t just saying “probably fine” and using them anyway.

> Apple's hardware security, much like their software security, is mostly predicated on marketing and not the transparent or accountable defense of your device.

Have you personally audited it, or are we just being asked to accept this because it would support your tribal affinities?

Reply View 2 replies
  • talldayo a day ago

    > There’s a 0% chance Apple wouldn’t detect that.

    They don't have to. This could be an entirely aftermarket addition, feasibly even with functional battery DRM. I (and probably nobody here) expect Apple to be putting RDX in every iPhone, but it's entirely feasible for a targeted attack.

    > are we just being asked to accept this because it would support your tribal affinities?

    You are being asked to accept this because the Mossad and Israeli tech industry are the foremost exporters of iPhone hardware and software exploits. We've already seen how Apple vs. the Israeli state goes, and it apparently ends with Israel selling hardware exploits to American law enforcement: https://en.wikipedia.org/wiki/Cellebrite

    Reply View 1 reply
    • acdha a day ago

      Now you’re talking a much more expensive operation since you need to have a substantial amount of skilled labor, tools, and parts, and also convince people that it’s okay that their phones are warning them that they don’t have a genuine battery and only 75% capacity. That seems unlikely to make for a successful mass attack with so many easier options available.

      > We've already seen how Apple vs. the Israeli state goes, and it apparently ends with Israel selling hardware exploits to American law enforcement

      Well, that used to be true but it’s not anymore:

      https://www.404media.co/leaked-docs-show-what-phones-cellebr...

      Reply View 0 replies