Comment by CharlesW
5 years ago
> The research would've been much shorter if Apple would actually provide researchers with debug symbols.
I believe they're about to do this: https://www.theverge.com/2019/8/8/20756629/apple-iphone-secu...
And Google Project Zero won't get them.
https://twitter.com/benhawkes/status/1286021329246801921
> It looks like we won't be able to use the Apple "Security Research Device" due to the vulnerability disclosure restrictions, which seem specifically designed to exclude Project Zero and other researchers who use a 90 day policy.
Goddammit, 90 day policy and reasonable rewards would strengthen their security and gain the trust of their advanced users.
For some reason this ridiculous restriction reminds me when Apple sued Samsung because their phones had round corners.
Apple sued Samsung because Samsung had aspirations of being Apple.
Rounded corners are the after-the-strategic-decision legal justification.
Advanced users that want a secure device require devices that can be reinitialized to a known state without external input.
This is no longer possible on any phone, tablet, or computer Apple sells: all require online activation with device-specific info. There is no way to put the device back into a known state offline or without Apple having an opportunity to tamper with it (or be forced to tamper with it).
These are just phones that you are officially permitted to attach a root shell and kernel debugger to, like any other device that's not an iPhone. Researchers have been working around that for years by using private jailbreaks / exploits to get similar levels of access, and with checkm8/ktrw you yourself can get similar access to any vulnerable iPhone 7/8/X.
No sources or structure layout or symbols, so you're still stuck waddling through megabytes of compiled code to reverse-engineer everything from scratch.
It's Apple drumming up absolutely nothing, and from my point of view it's mostly a PR stunt.
> It's Apple drumming up absolutely nothing, and from my point of view it's mostly a PR stunt.
Well, I don't think it's quite "nothing". Newer phones don't have access to checkm8, and getting a private jailbreak or exploit working can be non-trivial. And in some cases, researchers may need to avoid reporting that exploit to Apple in order to keep using it.
It's a good step. It's just not sufficient, especially given all the other restrictions.
> And in some cases, researchers may need to avoid reporting that exploit to Apple in order to keep using it.
And this will continue to happen until Apple just starts selling the damn things to anyone who wants them, instead of trying to gatekeep them to people who are playing by their ridiculous security disclosure rules.
> No sources or structure layout or symbols…
Oh, that's a shame. The slide in the referenced tweet says, "advanced debug capabilities", so I'd assumed that's what it meant. I wonder what else that could mean?
The ability to attach a debugger to the kernel. No, really, that’s “advanced” for an iOS device, because normally you don’t get to do anything even close to that. You can’t even debug userspace processes that aren’t ones that you put there yourself (as a developer writing apps) on normal iPhones.