Sat Jan 4 18:58:38 2020
<502edbb8> I know Cellebrite just got checkra1n working on Windows with a signed driver
<502edbb8> I understand that NYC DA has been able to unlock phones for quite some time, but they are charged per phone and it is rather expensive
<502edbb8> One of the bigger fears I have is, although my phone, if seized today, is (probably) pretty safe, there’s no guarantee it can withstand a 4-5 year investigation and the resulting security vulns that will be discovered in that time.
<502edbb8> Apple made the pivot to committing to privacy on the iPhone I think in 2017. Savvy business move. The market will demand privacy solutions sooner rather than later.
<502edbb8> I haven’t hacked iPhones in like 4 years though, so I don’t know exactly what a partial keychain extraction means from an impact perspective
<502edbb8> You would think they could just minimize the attack surface in a BFU mode phone, but god damn, they really have a hard time keeping jailbreaks out
<502edbb8> Checkra1n seems to be a particularly potent jailbreak
<502edbb8> I know they struggle with peripheral device and backward compatibility when it comes to trying to keep the attack surface as small as possible
<502edbb8> I.e. “let’s make this thing DO NOTHING, until a user authenticates thereby decreasing the attack surface, oh wait a sec we have lightning headphones now which means we must at least negotiate a pairing with the headphones at all times, and thereby increase our attack surface”
<502edbb8> Ultimately, security is hard and can never be implemented in a vacuum without regard for usability. Features tend to win out, security comes later.
<502edbb8> It’s a never-ending cat and mouse game of measures and countermeasures