It probably doesn't have direct access. They could be exploiting the OS and then escalating to SEP access with another exploit. It's impossible to know exactly what they're doing. SEP provides a lot more than the disk encryption hardware support so there's other attack surface.
Sure it's USB (or rather USB over Lightning). It's just 2+ separate logical USB devices, and which is connected is gated by lock state of the phone.
-
This starts to become a highly specialized phone that is useless when locked. Might as well turn off Bluetooth, Wi-Fi, and push notifications while locked. How is this isolated set of chips going to know when the phone is unlocked? Who is going to signal it?
-
Software can switch it all when entering locked state. I've actually never used my phone's USB port for anything but charging & initial OS install so it hardly seems "useless" to me.
-
You’re mixed up. You’d introduce a hardware isolation gate to protect the OS from port access while phone is locked, but the signal controlling the gate (“user unlocks phone with PIN”) has to come from the OS side of the boundary. How does that help?
-
Not going to continue responding with your condescension.
-
I’m sorry - I didn’t mean to be condescending.
-
Apology accepted. Idea above is that you can (modulo very different classes of attack) assume the OS is uncompromised as long as the interface surface to it is mostly or entirely cut off.
-
The interface meaning the message passing system between OS and hardware DMZ? Or between OS and user?
-
Between OS and attacker. Interesting case is when phone is already locked & has (hypothetically) disabled data on the port.