|
|
|
|
|
|
by sydd
1801 days ago
|
|
|
The silly thing is that Apple advertises their phone as something cyber security focused, when it can be totally pwned in so many ways. And you don't need Apple's resources to make something better, just a more secure phone would have much worse UX. Just some examples for a much more secure phone, where you dont need Apple's budget: - Runs some barebones Linux with minimal packages. An SMS app is an SMS app, not something that makes HTTP requests. - app store is very heavily vetted - forced updates, you can't dismiss update notifications. - minimal attack interface, no smart connection features or accessories. |
|
|
- Forced Updates? The FBI takes over the update server, forcibly sends out an update that sends all messages to the FBI immediately, and there's no way to stop it. That suggestion is idiotic. Or even better, install Pegasus on all the phones, have them be quietly reporting back to home for a few weeks, with journalists having no way to prevent updating.
- You forgot Hardware Root of Trust and Secure Enclave, like on an iPhone. Otherwise, the FBI can install a tool which just guesses PINs over and over while resetting the PIN attempts counter. It is not possible to build this protection in software only. You need chip-level hardware, and only iPhones in Fall 2020 and later have the Enclave set up to block repeated PIN attempts even if Apple-signed code is loaded. No other phone is safe from their own manufacturer like that.