Discovering whether your iPhone has been hacked is nearly impossible thanks to Apple's walled garden

#1

Originally published at: https://boingboing.net/2019/05/15/brittle-security.html

1 Like
#2

assumeami

6 Likes
#3

It’s almost impossible to tell if any computer or phone has been hacked if the attackers are any good at covering their tracks. Rootkits have been a thing for much longer than iPhones have been a thing and often the only way to detect them is to pull the drive and examine it forensically. This is why the general advice when your machine is knocked over is to boot from CD and reinstall from scratch, using a backup from before you were hacked.

Of course the inability to do this on a phone is one of the things that makes a hack so devastating. Luckily it’s also very hard to break into an iPhone, especially one that is on the default upgrade cycle and less than 5-6 years old. I don’t know of any true rootkits for iPhones that don’t require you to laboriously jailbreak it first.

5 Likes
#4

Yeah, I’d have to see some real-world examples of these working on scale for me to give a crap. It’s not an iOS vulnerability, but a third party app. Delete the app.

And everything that’s said about black hats and unknown exploits is true of literally every system ever.

#5

The problem with security games is that they are more multilayered than onions.

We need to consider the motivations of the people making these 0-day assertions. Maybe a lot exist. Maybe they don’t. If, in fact, the walled garden is too secure, those who want in will be making assertions to drive out those within. There’s information, misinformation, disinformation, propaganda, and flat out lies coming from all directions.

Even as a tech person, I don’t have the expertise to examine the claims on either side.

It’s probably safe to assume that state actors can compromise any platform. It’s also probably safe to assume that widespread non-state compromises will get fixed eventually, but that’s cold comfort if you’re one of the victims.

#6

Sony actually sold music CDs with a rootkit built in that would infect any computer that was used to rip the CD to MP3!
The faux outrage depicted here about Apple just begs for a #rollseyes, when Android is rotten with malware, including this one.

#7

This stuff is literally my day job, and has been since 1997.

Detecting infiltration is a hard problem. With attacks going ever-lower into the stack (think USB-firmware attacks or sub-processor attacks), it can be nearly impossible for a user or the OS to detect the issue without knowing exactly what to look for, and it has been common practice for years now to infect or replace the on-board tools you would use to detect attacks with cloaked versions that hide the existence of the attack itself.

I try to treat my phone the way I treat my servers - very specific sets of software installed, with the minimum settings possible, and as much vetting of 3rd party software as possible.

I haven’t seen any studies performed, but I’ll personally wager that the incidence of attacks performed on sideloaded/direct-installed 3rd party applications, versus “vetted” apps in app stores (be it Google, Apple, MS, Steam) are markedly different, and that the stores are protecting users from the sorts of low-effort trojan/phishing tricks that catch your less-technically-savvy folk, while probably having little to no effect on users who have the situational awareness needed to not install a “cleaner” from a banner ad.

For that reason alone, I would (and have) suggested that my relatives have Apple-ecosystem devices. The likelihood of infection through the app store is far lower than my mom clicking on a random link and sideloading something, then calling me to ask if it was a good idea, and that thing being malicious. On the Mac front, the number of Windows-centric attacks versus Mac attacks is lopsided enough to be laughable.

For myself? I have confidence in being able to use my developer account to dig into my phone or wipe/reinstall it (insofar as that can be done on a phone nowadays). This is not state-actor levels of defence, but I am lucky enough to not have any data state actors would care about. If I did, that would be a whole other kettle of fish.

6 Likes
#8

This is security through obscurity at its worst.

#9

This is absolutely not security through obscurity. Security through obscurity implies the security gains are through keeping something secret. e.g. “If no one knows our algorithm, no one can crack it.” (A specious argument at best.)

That is completely different than vetting software, or not including hooks down to a certain level of the stack.

2 Likes
#10

That’s great as long as your computer doesn’t have any components with poorly-secured firmware update mechanisms. If your BIOS (or EFI firmware these days) has been owned, not much you can do besides buying a new board.

#11

Say WHAAAAT, Cory?

You tellin’ me that Apple won’t let ya manage yer own Apple device, th’ one what you paid cash money for?

Well, butter my butt and call me a biscuit! Who woulda ever thunk such a thing?

#12

An attack on Mac software is always news cuz it rarely happens. And on those rare occasions, they tend to involve apps I haven’t installed or used and they seem to always fix it before it hits me. I’ve learned not to sweat it.

#13

Not rip. Listening was enough to have a driver installed that inserted noise into music if you weren’t listening through the Sony application. Even if you listened to a completely different CD afterwards. It still downgraded the sound quality as long as you did not use the Sony app to listen to your CD. The rootkit was only a cherry on the top.
And it installed the driver (and rootkit) even if you declined the offer to have the driver from Sony installed.

#14

When in doubt, restore it.

Then restore a backup. None of the jailbreaks or exploits for iOS persist through that, and backups don’t contain any code, that all comes from ipsw or the App Store.

Only possible exception is if you have a managed device. Once the profile goes back on, you can load stuff from anywhere the profile says you can.

So yes, with profiles you can manage the device you paid for. But most people would rather (and really should) let Apple do it.

#15

At some point I began keeping my cell phone in a brightly colored insulated zipper bag so that when it is in my bigger bag I can find it and not damage it.

Or at least that is what I tell myself to not feel paranoid about why I am doing it.
