• AutoTL;DR@lemmings.worldB
    link
    fedilink
    English
    arrow-up
    9
    ·
    1 year ago

    This is the best summary I could come up with:


    Using a vast array of technology including lasers are finely tuned sensors, they are trying to find gaps in their security and patch them up before they even arrive in the world.

    The actual chip doing the encryption can show signs of what it is doing: while processors might seem like abstract electronics, they throw out all sorts of heats and signals that could be useful to an attacker.

    But they are up against highly compensated hackers: in recent years, there has grown up to be an advanced set of companies offering cyber weapons to the highest bidder, primarily for use against people working to better the world: human rights activists, journalists, diplomats.

    But recent years have also seen it locked in an escalating battle: Lockdown Mode might have been a breakthrough of which it is proud, but it was only needed because of an unfortunate campaign to break into people’s phones.

    It is not the kind of difficulty that comes even with other security work; those stealing passwords or scamming people out of money don’t have lobbyists and government power.

    The kind of highly targeted, advanced attacks that Lockdown Mode and other features guard against however are costly and complicated, meaning they will often be done by governments that could cause difficulties for Apple and other technology companies.


    The original article contains 2,167 words, the summary contains 219 words. Saved 90%. I’m a bot and I’m open source!

    • danhab99@programming.dev
      link
      fedilink
      English
      arrow-up
      7
      arrow-down
      5
      ·
      1 year ago

      Downvote me if you must but what if Apple accidentally became the Privacy community’s greatest ally? I know it can’t happen bc they’ll always keep a back door for their data mining

      • Vub@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        I’m curious, do you have a source for them having a backdoor and mining data?

          • Vub@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            Wow OK, well that doesn’t have any value then. It’s best not to spread rumours since eich behaviour it can easily spread to other, more important, issues in society.

      • southsamurai@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        5
        arrow-down
        1
        ·
        1 year ago

        Hell, if they legitimately stopped their data collection, that would be enough to tip me into iOS until a truly good linux phone in my price range happens.

  • danielfgom@lemmy.world
    link
    fedilink
    English
    arrow-up
    5
    ·
    1 year ago

    What’s the big deal? Google already do this to Android AND they also host Hackathons where they invite people to do this and reward those who do.

    Plus they have an ongoing bug bounty program so at anytime you can submit a bug/hack and get paid.

    Apple don’t have a history of doing this at all. This is literally the first time they are doing it because of the bad PR from Pegasus.

    It shouldn’t be applauded. They should be roasted for not having done this sooner

    • twix@infosec.pub
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      1
      ·
      1 year ago

      I haven’t heard about google testing hardware based attacks on their chips, which I suppose could be caused by android running on a wide variety of chips instead of a few home-developed ones. Next to that Apple has had a bug bounty program for ages, that pays well and covers a wide range of attacks. Not hosting open hackathons has perhaps something to do with public brand image, but Apple shouldn’t be discredited regarding rewarding the findings of bugs and exploits.

      • danielfgom@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        1 year ago

        Not sure about their own chips but definitely hack the daylights out of Android.

        Apple has a bounty program but it doesn’t work. I’ve read multiple stories over the years of Devs who submitted show stopping bugs and never got anything back from Apple. And they take MONTHS to release a fix.

        The Google Security Team found a massive hole in iOS, reported it to Apple, and after months of waiting with no feedback or fix released, they published it openly. Only THEN did Apple suddenly acknowledge it and released a fix.

        Apple are the biggest hypocrites. They claim to be private and not collect data but literally everything you do on your phone they can see and collect. Everything in iCloud is on their servers. All your browsing history they can see in Safari.

        The only difference between them and Google is that they claim not to sell the data. But as we know Edward Snowden told us that the CIA/FBI etc have full access to all the servers of the Big Tech companies under the Patriot Act. They can decrypt and see your data anytime.

        So in other words not really private. None of them are.

        • twix@infosec.pub
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          1
          ·
          1 year ago

          Sadly the same thing has been happening on the android side (a quick google search seems to confirm this). Possible exploits reported but not patched in a timely manner. In general I feel like the Apple bug bounty problem has been swift, although indeed failing from time to time to reward an original reporter. I have not been keeping a close eye on the android side but I imagine the same has been happening. Apple has started to offer e2e encryption on iCloud data blocking even CIA/FBI access. And next to that, seeing I’m based in Europe (and so my data should too) I don’t feel like the patriot act has any impact on me.

  • Potatos_are_not_friends@lemmy.world
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    1
    ·
    edit-2
    1 year ago

    Definitely applauding them on going hard and testing their stuff.

    I’m thinking of how Sony and Nintendo had piracy issues that completely ruined their hardware sales. Then again, they can kinda get away with it in the short run by continuing to release quality software.

    Apple doesn’t have that luxury as they’ve cemented themselves as making good bundled hardware+software. If any part of that gets crippled, they’re fucked.