Comment by maldev
2 years ago
It's already 2-3 million +. Apple has amazing security, especially for the iPhone, and continuously monitors it and dishes out silent patches. For a REALLY high level example, it restricts system calls per process and requires all calls to be signed with an Apple key, AND it restricts who you can do the system call to; these are continuously monitored and updated. Not only this, but persistence on iPhone is effectively dead, meaning you have to reinfect the device after every reboot. One of the big things you notice in the article is the use of ROP: Apple requires every executable page to be signed by them, hence why you have to have these assfisting of ROP chains.
2-3 million dollars is not “amazing”. That is less than the cost to open a McDonalds. You can get a small business loan in the US for more than that. There are literally tens of millions of people in the world who can afford that. That is 1/5 the cost of a tank.
2-3 million dollars is pocket lint to people conducting serious business, let alone governments. It is at best okay if you are conducting minor personal business. This ignores the fact that attacks at the 2-3 million dollar range are trivially wormable. If you had actual cause to hack every phone you are only incurring marginal cents per attack. Even relatively minor attacks like targeting 10,000 people are less than one phone of cost per attack.
> 2-3 million dollars is not “amazing”.
I don't know. $2-3m for reading code in Ghidra and throwing stuff at a wall until something sticks? Maybe some fuzzing, etc.
I get that you theoretically could find an exploit that for example, you send to 100 known wealthy people, and with it you steal saved cookies + device IDs from financial apps and then try to transfer their funds/assets to an account you control but...
Could you really pull that off 100 times before Apple catches on?
I guess you could... easily... now that I think about it.
This has the (un)fortunate consequence of being illegal. Writing exploits and selling them to a friendly government, on the other hand, is totally legal. Plus, then you can sell support contracts for that sweet recurring revenue!
That is good info, but why does Apple make it non-obvious how to reboot an iOS device? And AFAICT there is no way to schedule a regular reboot.
Need to restart your non-responsive iPhone? Hope you have some dexterity...
----
Force restart iPhone
If iPhone isn’t responding, and you can’t turn it off then on, try forcing it to restart.