by Genbox 205 days ago
The security of the Apple ecosystem is miles ahead of others. Every time I reverse engineer some component of their OS, it is very different from what I've seen before. I always find myself surprised by their thoughtfulness and engineering craft.

Recently I've taken on their code signing component. The concepts they've created, such as identifying applications by their "designated requirements", are a stroke of genius. It makes the system completely stateless and capable of almost anything without auxiliary data structures or additional code.

I've seen other engineering teams try and fail at building something similar, and never with such powerful simplicity.

2 comments

> The security of the Apple ecosystem is miles ahead of others.

cough iMessage, hardware backdoors cough

There are not any hardware backdoors.
(that you have seen)

After all, it wouldn't be a backdoor if everyone knew about it.

That's a bit disingenuous. Can you substantiate your claims?

  "In this case, the federal government prohibited us from sharing any information," the company said in a statement. "Now that this method has become public we are updating our transparency reporting to detail these kinds of requests."
- Apple addressing Senator Wyden's accusation of Push Notification backdoors (https://www.macrumors.com/2023/12/06/apple-governments-surve...)

  “At Apple, we are always working to defend our users against even the most complex cyberattacks. The steps we’re taking today will send a clear message: in a free society, it is unacceptable to weaponise powerful state-sponsored spyware against those who seek to make the world a better place,”
- Quote from Apple's head of security engineering on the lawsuit Apple eventually dismissed against NSO Group (https://www.theguardian.com/technology/2021/nov/23/apple-sue...)

  "The app in question is called “LassPass Password Manager” and lists Parvati Patel as the developer. The app attempts to copy our branding and user interface..."
- LastPass telling users that a trojan horse broke through Apple's manual review process (https://blog.lastpass.com/posts/warning-fraudulent-app-imper...)

Those aren't iMessage hardware backdoors.

You may have skipped my second link. Here it is a second time, with the important quote excerpted: https://www.theguardian.com/technology/2021/nov/23/apple-sue...

  The Pegasus project, an investigation into NSO by the Guardian and other media outlets, coordinated by the French media group Forbidden Stories, has documented dozens of examples in which NSO’s spyware was used to attack users of Apple’s iPhone. In some cases, a vulnerability in the company’s iMessage feature, which could be penetrated by Pegasus, was used against journalists, human rights activists and other members of civil society.

The source is describing an iMessage exploit known as FORCEDENTRY, which can be used to deliver a persistent hardware backdoor (Pegasus) to an iPhone. Often, Apple is unable to detect the persistent exploit and therefore incapable of warning the user that they have a backdoored device: https://9to5mac.com/2025/02/20/apple-currently-only-able-to-...

> The security of the Apple ecosystem is miles ahead of others.

Have you heard about Qubes OS?