undefined | Better HN

0 pointsAshamedCaptain2y ago0 comments

> That's fine. I'm more concerned that the (replacement) hardware on my own device is not malicious, than I am with the hardware on other devices that are already outside my control.

You are more concerned with someone opening your iPhone and putting a replacement malicious part than with someone pwning your iPhone with a $5 wireless device while in his car just driving by ?

Your threat model is upside down.

0 comments

chatmasta2y ago

I would be very concerned with someone pwning my phone with a $5 wireless device, but that's not what's happening here. This is a DoS attack. It could never be perfectly mitigated, as long as any mitigation depends on the (arguably) fundamentally impossible task of verifying an external device is a "real" Apple device. It's possible to design security protocols that allow me to verify my device is a real Apple device, but likely not to verify a packet was sent by someone else's "real" Apple device. So I'm less concerned about the latter.

Also note that I specified I'm more concerned with verification of trusted hardware on my own device. Because the repercussions of malicious hardware implanted in my own device cannot be mitigated purely in software. Whereas verifying the integrity of an external device inherently depends solely on software, since there is no hardware interaction. I'm still concerned about it, in the sense that I'd like my OS to take best efforts to only "trust" external devices insofar as it can verify they're trustable, but I also accept that those devices are outside of my control and so any protocol for trusting them will have holes in it. My main requirement is that I should be able to opt out of the system if possible (by e.g. disabling bluetooth).

AshamedCaptainOP2y ago

> This is a DoS attack. It could never be perfectly mitigated

Bullshit.

Flooding the waves with radio interference (something that Bluetooth is particularly resistant to) would at most "deny service" of another device trying to connect to my iPhone through Bluetooth. It should NOT deny service of the _entire_ iPhone, which is what is discussed here. This is 100% preventable crap.

> the (arguably) fundamentally impossible task of verifying an external device is a "real" Apple device

Bullshit... and egregious considering you apparently think it is doable for replacement parts, but "fundamentally impossible" for networking devices. SSL is about 30 years old by now.

> I'm still concerned about it, in the sense that I'd like my OS to take best efforts to only "trust" external devices insofar as it can verify they're trustable, but I also accept that those devices are outside of my control and so any protocol for trusting them will have holes in it.

Also bullshit. All these holes are because of the proprietary extensions Apple puts on top of Bluetooth, which are exploited to no end. Notice my original post is about Apple not being able to identify when it is a (real vs fake) Apple device that is trying to initiate a connection. The protocol is 100% controlled by Apple.

Normal Bluetooth protocols and devices (which do not identify as Apple devices and are therefore subject to the standard Bluetooth pairing UI) are almost never the problem.

chatmasta2y ago

I agree with you, but that doesn't negate what I said about this being correctable in software. Whereas if someone implants a malicious HSM in my iPhone, or a screen that has a secondary chip connected to it recording everything I touch, then that's not correctable in software.

It also does not qualify as "pwning" your device, at least for my interpretation of the word "pwn."

2 more replies

fragmede2y ago

I'm more concerned about my phone being stolen. A DoS because I left my Bluetooth on is annoying. Having my phone stolen and then just letting the thief makes money off that is galling.

mindslight2y ago

I'm more concerned about the ability to own personal property than the slight possibility it might get stolen. Having to spend money to buy a new phone is annoying. "I'm sorry Dave I'm afraid I can't do that" from a device I've purportedly bought is galling.

j / k navigate · click thread line to collapse

0 comments

chatmasta2y ago

AshamedCaptainOP2y ago

> This is a DoS attack. It could never be perfectly mitigated

Bullshit.

> the (arguably) fundamentally impossible task of verifying an external device is a "real" Apple device

Bullshit... and egregious considering you apparently think it is doable for replacement parts, but "fundamentally impossible" for networking devices. SSL is about 30 years old by now.

Normal Bluetooth protocols and devices (which do not identify as Apple devices and are therefore subject to the standard Bluetooth pairing UI) are almost never the problem.

chatmasta2y ago

It also does not qualify as "pwning" your device, at least for my interpretation of the word "pwn."

2 more replies

fragmede2y ago

I'm more concerned about my phone being stolen. A DoS because I left my Bluetooth on is annoying. Having my phone stolen and then just letting the thief makes money off that is galling.

mindslight2y ago

j / k navigate · click thread line to collapse