Hacker News new | ask | show | jobs
by logicOnly 2077 days ago
It's a huge security issue. Physical device access is reasonable. Stolen phones, people incarcerated, etc....

How difficult would it be to steal someone's phone, but illegal stuff on it, and call the police? Could you figure it out for 10k USD?
4 comments
donor20 2077 days ago
I'm continually reminded that a HN "HUGE!!" security issue is so rarely that.

I can think of so many more much more significant security issue, from remote root access to windows machines, potentially intentionally flawed VPN security, TPM on intel machines that are remotely exploitable and provide persistent access to machine and the list goes on and on.

There is something about Apple that makes folks blow up. Perhaps it's just they are one of the few with a bit of a reasonable reputation here.

Steal someone's phone? You realize iphones since Xs forward are using A12+ chips, they don't even have the intel / T2 combo being talked about as far as I know. And then to get access you need to install a keylogger PHYSCIALLY into the macbook. All this is "possible", but you can probably do a keylogger without breaking T2 and get equivalent access at the end of the day.

link
ziml77 2077 days ago
I think a lot of people are looking for any reason to put Apple down. I'm guessing it's both because Apple and its users love to brag about security and because HN users hate the cost that you pay for that security: a device locked down from its own owner.
link
donor20 2076 days ago
That is true - apple is locking everyone out - including the person who paid for it. But that does make the iphone relatively better from a security standpoint.

The overseas android market is a wasteland security side - no one even pretends, they don't even keep the phones updated.

link
ogre_codes 2077 days ago
> It's a huge security issue.

Which exists on likely 99% of people's setups, Mac, Windows, whatever. Keyloggers on external keyboards, keyboard hacks, bios hacks...

> Stolen phones, people incarcerated

This hack doesn't unencrypted the drive, so this hack won't help if you just steal someone's laptop. You have to get physical access, hack the T2, then get it back into their hands so they can put their password in to decrypt the drive.

> How difficult would it be to steal someone's phone, but illegal stuff on it...

This hack affects MacBooks & Macs with the T2 security chip installed, not about phones.

link
tedunangst 2077 days ago
Buy a burner phone, put illegal stuff on it, stick it in their gym bag, call police. Costs 1% of 10k.
link
olliej 2077 days ago
You can do exactly the same on a machine without a T2 chip though, so I’m not sure what makes this special vs any other time you give someone untrusted physical access to a device
link