The attack surface of a booted, never-unlocked iPhone is still very high—it can receive calls, SMS messages, etc. Inject something that way, then bang on a flaw in the secure enclave. (But this requires a bootable phone; one with a bullet in it might not be bootable.)
-
-
Replying to @SteveBellovin @ncweaver
We know that GrayKey uses Lightning. But the phone attack surface is only the weaker part of the equation. The SEP is supposed to work like an HSM. What does its interface look like prior to user login? It should be dirt simple.
2 replies 0 retweets 1 like -
Replying to @matthew_d_green @ncweaver
As
@rossjanderson and his colleagues have shown, HSMs aren't nearly as secure as they should be, either.1 reply 0 retweets 2 likes -
Yes but HSMs don’t have one billion deployed instances either, and the largest company in the history of the world throwing resources at them.
1 reply 0 retweets 1 like -
Replying to @matthew_d_green @SteveBellovin and
I guess my point here is that if Apple can’t make this work, then the HSM concept is fundamentally broken.
3 replies 2 retweets 5 likes -
"we can't do perfect, its fundamentally broken"?
1 reply 0 retweets 0 likes -
The HSM has one job, which is to keep sophisticated attackers from bypassing the core protections offered bythe HSM, and packaging that bypass into a commodity.
1 reply 0 retweets 1 like -
Replying to @matthew_d_green @ncweaver and
But more fundamentally, it’s based on the idea that somehow if we make the interface small enough, we can reduce attack surface to zero. This seems like a high-profile failure of that idea.
1 reply 0 retweets 1 like -
Replying to @matthew_d_green @ncweaver and
Maybe building a defect-free HSM in a consumer device is viable but just extraordinarily expensive. The space shuttle avionics were possibly bug free at the price of a ludicrous level of code review and quality control
2 replies 0 retweets 1 like -
That may be. My point is that Apple has vastly more resources to deploy on this project than any of the other HSM manufacturers do. Their (continuing) failure here is an important data point.
1 reply 1 retweet 8 likes
I think it's an important point. I wish there was a way to distinguish internal Apple politics (you're only allowed to spend X on hardening the HSM) from more fundamental constraints on this design approach.
-
-
Replying to @Pinboard @matthew_d_green and
Also, it is important to realize that even an SEP compromise doesn't unlock the phone if the user has a high-entropy passphrase. SEP compromise only enables an on-line brute force attack on the password at ~10/second. That really is huge.
1 reply 0 retweets 4 likes -
But unfortunately it doesn’t really generalize well to many problems beyond password-based key derivation.
0 replies 0 retweets 0 likes
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.