undefined | Better HN

0 pointssydd4y ago0 comments

The silly thing is that Apple advertises their phone as something cyber security focused, when it can be totally pwned in so many ways.

And you don't need Apple's resources to make something better, just a more secure phone would have much worse UX. Just some examples for a much more secure phone, where you dont need Apple's budget:

- Runs some barebones Linux with minimal packages. An SMS app is an SMS app, not something that makes HTTP requests.

- app store is very heavily vetted

- forced updates, you can't dismiss update notifications.

- minimal attack interface, no smart connection features or accessories.

0 comments

gjsman-10004y ago

You just pwned yourself.

- Forced Updates? The FBI takes over the update server, forcibly sends out an update that sends all messages to the FBI immediately, and there's no way to stop it. That suggestion is idiotic. Or even better, install Pegasus on all the phones, have them be quietly reporting back to home for a few weeks, with journalists having no way to prevent updating.

- You forgot Hardware Root of Trust and Secure Enclave, like on an iPhone. Otherwise, the FBI can install a tool which just guesses PINs over and over while resetting the PIN attempts counter. It is not possible to build this protection in software only. You need chip-level hardware, and only iPhones in Fall 2020 and later have the Enclave set up to block repeated PIN attempts even if Apple-signed code is loaded. No other phone is safe from their own manufacturer like that.

EveYoung4y ago

In that case, you would still need to trust the mostly proprietary drivers and hardware. And if you aggressively remove features, I guess the question becomes why you would even need a phone. Maybe for some use cases it would be better to simply use a laptop.

j / k navigate · click thread line to collapse