Hacker News new | ask | show | jobs
by weinzierl 4283 days ago 

   1. [...]
   2. [...]
   3. [...]
   4. [...]
   5. The manufacturer of the A7 chip stores every UID for
      every chip.
I'm a total layman, but the UID has to be created at some point and so it can be known by someone. Wouldn't it be the easiest way to just record it for every chip? Apple wouldn't even have know about it.
2 comments
lisper 4283 days ago
This is the fundamental problem: unless you are rolling your own silicon, at some point you have to take some big corporation's word for it that a chip does what they say it does. This fundamental problem is the reason that nuclear launch codes are protected by a relatively low-tech solution:

http://en.wikipedia.org/wiki/Gold_Codes

link
weinzierl 4283 days ago
But if this is the case, why bother with bullet point 1. to 4. The chip is probably manufactured in China, why spend a thought about whether US law enforcement can somehow via Apple decrypt the data of my phone when the Chinese Government can do it anyways?
link
avn2109 4283 days ago
I fear the American government's totalitarian/police state leanings far more than I fear the PRoC.

Though the Chinese government is undoubtedly an enthusiastic squasher of political dissent, and their secret police are surely quite brutal, and I hate commies with a passion, I am hardly ever likely to have a conflict with the Chinese state.

An Unconstitutional American surveillance state is a far more immediate problem. The NSA can break down my door tomorrow after reading my politically unpalatable text messages, and there's nothing I can do to stop them. So if I had to pick someone to have the keys to my phone's backdoor, I'd pick a "hostile" foreign power any day. Though of course it would be better to have no backdoors at all :)

link
jshevek 4283 days ago
I agree with you, but I would add that: if any power has the key to your phone's backdoor, there is a chance of the key getting into the NSA's hands.
link
briandh 4283 days ago
> The chip is probably manufactured in China

Available info indicates that the A8 is fabbed on a 20nm process by both Samsung and TSMC [1]. For Samsung, that would indicate production in either the US or South Korea [2]; for TSMC, that would indicate production is in Taiwan [3].

[1] http://recode.net/2014/09/23/teardown-shows-apples-iphone-6-...

[2] http://www.samsung.com/global/business/semiconductor/foundry...

[3] http://www.kitguru.net/components/graphic-cards/anton-shilov...

link
lisper 4283 days ago
1-4 from the original article are based on the premise that the iPhone is in fact as secure as Apple claims it is, and tries to reverse engineer how that could be done. Your point #5 is a possible way that the phone could in fact be insecure despite 1-4. My point is that unless you have your own silicon foundry you have no choice but to trust someone, or resign yourself to the possibility that your iPhone may not be secure despite what Apple says.
link
sigterm 4283 days ago
It could be generated by the chip itself with built-in hardware RNG. The outside world never needs to know what it is.
link