Comment by q3k
5 years ago
These are just phones that you are officially permitted to attach a root shell and kernel debugger to, like to any other device that's not an iPhone. Researchers have been working around that for years by using private jailbreaks / exploits to get similar levels of access, and with checkm8/ktrw you yourself can get similar access to any vulnerable iPhone 7/8/X.
No sources or structure layout or symbols, so you're still stuck waddling through megabytes of compiled code to reverse-engineer everything from scratch.
It's Apple drumming up absolutely nothing, and from my point of view it's mostly a PR stunt.
> It's Apple drumming up absolutely nothing, and from my point of view it's mostly a PR stunt.
Well, I don't think it's quite "nothing". Newer phones don't have access to checkm8, and getting a private jailbreak or exploit working can be non-trivial. And in some cases, researchers may need to avoid reporting that exploit to Apple in order to keep using it.
It's a good step. It's just not sufficient, especially given all the other restrictions.
> And in some cases, researchers may need to avoid reporting that exploit to Apple in order to keep using it.
And this will continue to happen until Apple just starts selling the damn things to anyone who wants them, instead of trying to gatekeep them to people who are playing by their ridiculous security disclosure rules.
Right! It would solve so many issues! Put them on an unlisted page of your online store, charge a 50% markup over a normal iPhone, make the boot screen bright red, and do something ugly and obvious with the phone's exterior.
Sure, some crazy people who aren't security researchers will probably buy them too and use them as daily drivers (I'd probably be one of them). So what? I don't understand why Apple feels the need to hold this stuff so close to their chest. Everyone in this scenario knows exactly what they're buying.
> No sources or structure layout or symbols…
Oh, that's a shame. The slide in the referenced tweet says, "advanced debug capabilities", so I'd assumed that's what it meant. I wonder what else that could mean?
The ability to attach a debugger to the kernel. No, really, that’s “advanced” for an iOS device, because normally you don’t get to do anything even close to that. You can’t even debug userspace processes that aren’t ones that you put there yourself (as a developer writing apps) on normal iPhones.