I did read the article, no it's not a genuine piece of hardware, they changed the microcontroller.
And by the way, it's also possible to do the same exact thing in an iPhone right now, somebody could totally hook up a microcontroller with a microphone straight to the battery.
If you want to go all the way, you can also replace the whole device straight with a fake iphone and record everything.
> I did read the article, no it's not a genuine piece of hardware, they changed the microcontroller.
They took the genuine piece and swapped some stuff out and modified firmware, not just made a straight up fake. That's why it was hard to detect, it was a completely genuine device on the face of it.
> And by the way, it's also possible to do the same exact thing in an iPhone right now, somebody could totally hook up a microcontroller with a microphone straight to the battery.
Yes. But that is tricky (not much free space in the body to add something new) and can probably be detected visually. However if somebody swapped an existing part like a camera for a fake camera that acts like a camera but also spies on you then it would be tricky to visually see, but the phone would warn you.
> They took the genuine piece and swapped some stuff out and modified firmware, not just made a straight up fake. That's why it was hard to detect, it was a completely genuine device on the face of it.
They could have also made a complete fake as well instead of a partial fake just by keeping the plastic enclosure, this device isn't exactly complicated.
> Yes. But that is tricky (not much free space in the body to add something new) and can probably be detected visually. However if somebody swapped an existing part like a camera for a fake camera that acts like a camera but also spies on you then it would be tricky to visually see, but the phone would warn you.
That's kind of a ridiculous threat model anyway, those targeted attacks are just going to hack the iPhone and stream the camera in software whenever they want with some custom payload.
> They could have also made a complete fake as well instead of a partial fake just by keeping the plastic enclosure, this device isn't exactly complicated.
In case of this device, sure. But it would be much more costly and error-prone, build your own PCBs etc. But in case of iPhone we don't worry about them building fakes from scratch, because those would be easy to tell on the spot. We worry about a genuine phone with fake parts.
> That's kind of a ridiculous threat model anyway, those targeted attacks are just going to hack the iPhone and stream the camera in software whenever they want with some custom payload.
As it is now these phones are not so easy to hack without user proactively installing malware and many of them would survive only until the next OS update or security response payload. A hardware attack is more compelling.
> But in case of iPhone we don't worry about them building fakes from scratch, because those would be easy to tell on the spot.
I suggest having a look to Youtube. Some fake iPhones are so good that unless you have a deep knowledge of the product, you can be fooled. I certainly would be fooled.
> As it is now these phones are not so easy to hack without user proactively installing malware and many of them would survive only until the next OS update or security response payload. A hardware attack is more compelling.
I'm confident those state actors have the payloads ready whenever they want to use it on high value targets, this is kind of naive. Pegasus NSO could be a public example of that.
You are not valuable enough to require such an exploit but that's a thing right now.
And by the way, it's also possible to do the same exact thing in an iPhone right now, somebody could totally hook up a microcontroller with a microphone straight to the battery.
If you want to go all the way, you can also replace the whole device straight with a fake iphone and record everything.