Don't get dramatic. In addition to Mossad with unlimited budget, we have regular budget military/police/customs/etc. who can do some impressive brute forcing and other tricks, but aren't going to blow a zeroday on you, or risk getting caught in an evil maid attack.
Replying to @peterktodd @CopperheadOS and
The silicon of the processor is organized to make key extraction impossible from software, modulo some amazing side channel attack. Things can go wrong but this is a MASSIVE exploit you’re talking about.
1 reply 0 retweets 1 like -
Replying to @matthew_d_green @CopperheadOS and
First of all, that "regular budget military/police/customs/etc." are precisely the sort of people who would do a pre-engineered hardware attack. Opening a case isn't hard; forensics people are trained to do that kind of thing all the time.
2 replies 0 retweets 1 like -
Replying to @peterktodd @CopperheadOS and
I’m not a hardware person so I won’t comment knowledgeably here. My limited experience tells me that opening the case would probably be the first of many expensive steps.
2 replies 0 retweets 0 likes -
Replying to @matthew_d_green @CopperheadOS and
My previous career was electronics design so... It's really not magic. A "pre-engineered" solution would just be a box with some test probes on it - ideally pogo-pins designed to mate to the iPhone PCB directly - that then did a canned HW exploit automatically.
1 reply 1 retweet 1 like -
Replying to @peterktodd @matthew_d_green and
That's so totally realistic we have exactly that right now, albeit via the Lightning port so you don't even have to open it up.
1 reply 0 retweets 0 likes -
Replying to @peterktodd @matthew_d_green and
In fact, come to think of it there's precedent for this in the form of console mod chips... Probably 95% of people who (successfully) installed them barely knew how to solder.
1 reply 0 retweets 0 likes -
Replying to @peterktodd @CopperheadOS and
I don’t want to go down this road because I’m not a hardware engineer and I haven’t looked directly at what Apple did. With that said I think you’re SERIOUSLY underestimating the complexity of this attack.
1 reply 0 retweets 0 likes -
Replying to @matthew_d_green @peterktodd and
The key is (I believe) stored inside the processor in fuses. You’d have to decap the processor and carefully extract that key without damaging it.
3 replies 0 retweets 1 like -
Replying to @matthew_d_green @peterktodd and
It's okay if it never works again as long as they get everything they need out of it.
2 replies 0 retweets 1 like
Yes but only for highly targeted attacks. Not going to be okay for casually scraping everyone who crosses a border or gets pulled over by a pig.