Hacker News
by N19PEDL2 61 days ago
> Byrne was hoping that the next update, 26.4.1, would introduce a fix for this, but its release this week has not helped.

Even if Apple restores the háček in a future update, wouldn't he still need to unlock the iPhone to install it?


You can always reboot to recovery and install an update that way.
Won’t that wipe all the user data?
He can upgrade, but not downgrade, for security integrity.
People often seem to ignore that Availability is part of the security triad.

If I burn someone’s wallet and throw the ashes to the wind nobody can pickpocket them for it. Secure.

Doesn't this mean that no matter how securely your phone is locked, Apple (and probably the three-letter agencies) can always unlock it by installing an appropriate update?
Not necessarily. If the secret is protected in the secure element against something only you can provide (physical presence of RFID, password, biometric etc) then it is ok.

BUT you must trust the entire Apple trusted chain to protect you.

That is a rather big BUT.

> If the secret is protected in the secure element against something only you can provide (physical presence of RFID, password, biometric etc) then it is ok.

But we already established unlocking is not possible, so going with the argument it's implied there is a side-channel. Nothing but a secret in your brain is something only you can (willingly) provide. Especially not biometric data, which you distribute freely at any moment. RFID can be relayed, see carjacking.

If you can side-step the password, to potentially install malware/backdoor, that's inherently compromising security.

If the data you care about is encrypted with a token locked behind your passcode input, and it's not theoretically brute forceable by being a 4 character numeric only thing, then not easily, no.

Could they produce an update that is bespoke and stops encrypting the next time you unlock, push it to your phone before seizing it, wait for some phone home to tell them it worked, and then grab it?

Perhaps, but the barrier to making Apple do that is much higher than "give us the key you already have", and only works if it's a long planned thing, not a "we got this random phone, unlock it for us".

(It's also something of a mutually-assured destruction scenario - if you ever compel Apple to do that, and it's used in a scenario where it's visibly the case that 'the iPhone was backdoored' is the only way you could have gotten that data, it's game over for people trusting Apple devices to not do that, including in your own organization, even if you somehow found a legal way to compel them to not be permitted to do it for any other organization.)

> Perhaps, but the barrier to making Apple do that is much higher than "give us the key you already have", and only works if it's a long planned thing, not a "we got this random phone, unlock it for us".

The attack situation would be e.g. at the airport security check, where you have to part with your device for a moment. That's a common way for law enforcement and intelligence to get a backdoor onto a device. Happens all the time. You wouldn't be able to attribute it to Apple collaborating with agencies or them using some zero-day exploit. For starters, you likely wouldn't be aware of the attack at all. If you came home to a shut-down phone, would you send your 1000$ device to some security researcher thinking it's conceivably compromised, or just connect it to a charger?

If you can manually install anything on a locked phone, that's increasing the attack surface, significantly. You wouldn't have to get around the individual key to unlock the device, but mess with the code verification process. The latter is an attractive target, since any exploit or leaked/stolen/shared key will be potentially usable on many devices.

Nope
That's what I was thinking, but the phrasing seems to imply that he did update to 26.4.1? Not sure how that was possible.
afaik you can update your locked iPhone with a Mac or Windows in iTunes... but it will still require a passcode after update, so ¯\_(ツ)_/¯
Nope, the “trust this computer” dialog needs you to enter your passcode before any other actions are possible.
This can be bypassed by putting the phone in DFU mode.
Probably the only hope is jailbreaking.
Jailbreaking a locked, inaccessible iPhone?
Keep in mind that everyone else is usually unaware (by design) of what all the intelligence agencies can do, but I doubt they would help in this scenario even if they could.

On the other hand, if this happens to a far more important person...

Jailbreaking is dead.