Seems doubtful that they have more than one that works without even taking apart the phone. This one is really bad and Apple should be able to figure it out without seeing it...
Replying to @RichFelker @CopperheadOS and
Of course they likely know they have an utterly wrong hardware topology in that the lightning port has any kind of access to the locked-down chips, but that's probably not easy for them to fix...
1 reply 0 retweets 2 likes -
It probably doesn't have direct access. They could be exploiting the OS and then escalating to SEP access with another exploit. It's impossible to know exactly what they're doing. SEP provides a lot more than the disk encryption hardware support so there's other attack surface.
2 replies 0 retweets 4 likes -
Seems like the port shouldn't even be active for data (charging only) when the phone is locked. Anyone wanna bet they enabled it for headphones since they removed the headphone jack? ;-)
2 replies 0 retweets 3 likes -
It definitely supports more than charging in that case, as do Android phones. The move to Lightning / USB C headphones does genuinely make it less convenient to do something like https://github.com/CopperheadOS/platform_frameworks_base/commit/7b811853c5d2b05ec5db11786ab3f4b6a079e1a1 … but there are a lot of other reasons for them using data at that point.
1 reply 0 retweets 2 likes -
Replying to @CopperheadOS @RichFelker and
One simple example is supporting USB keyboards and various accessibility technology. Some of that may be needed by someone to unlock the screen. Accessibility support often ends up being a security problem, not familiar with how accessibility services work on iOS though.
3 replies 0 retweets 1 like -
Seems they could/should only support Bluetooth, and only devices that are already paired when unlocked. Lightning is a much much bigger attack surface.
1 reply 0 retweets 1 like -
This logic requires code to execute, and that is likely where the flaw lives.
1 reply 0 retweets 0 likes -
There's no reason the data lines couldn't be electronically gated to a dumb charging controller chip while locked. Would eliminate non-invasive physical attacks.
2 replies 0 retweets 1 like -
Other than security vs. convenience and fancy features at least. There are too many uses for data-based stuff when the device is locked for a general purpose device to make that sacrifice by default.
1 reply 0 retweets 0 likes
There's no reason it couldn't be switchable in Settings->Security or similar.