Comment by gambiting
7 hours ago
Weirdly I care more about my rights as the owner of the device than the rights of a theoretical attacker.
7 hours ago
Weirdly I care more about my rights as the owner of the device than the rights of a theoretical attacker.
I’m all for a system that allows you to wipe the device to do a downgrade or upgrade (just like any PC with an unset bios password allows) but the idea that it’s a good design for someone without my OS password to be able to downgrade my OS or perform any operation on my OS is insane.
What’s even the point of setting a password if anyone can manipulate the system without entering it in?
The entire iPhone OS is on an encrypted volume and that is the right design choice. Not having the password means no access.
There is no general purpose encrypted volume operating system that allows unauthenticated users to perform OS manipulation. If you encrypt your FreeBSD, Linux, or Windows volume, the result is the same: no password, no access.
Your choice is to enter the correct password or wipe the disk.
The fact that Apple doesn’t allow you to set up a system without full disk encryption is not a user freedom issue, it’s a very sensible design choice especially for a device sold primarily to non-technical consumers who don’t understand the security implications of leaving the volume unencrypted.
The issue here isn’t that iOS security is designed wrong, the issue is that Apple broke basic password entry with an update.
Shame on Apple for having such lazy software development practices when it comes to implementing updates like this.
Yeah I agree that a downgrade that always results in a full wipe is a good compromise.
So don’t buy an iPhone if you don’t care about the security of your device and personal information. That would introduce a massive security hole that would negatively affect far more users than it would help.
I doubt that. The group of people you're talking about are those who have their phone maliciously stolen by people who are actively working to hack/exploit their way into the devices and then actively exploit the information stored on them. That is a utterly negligible percent of users, or even of users who have their phone stolen. The overwhelming majority of thieves of intent move the devices onto professional orgs that wipe them, jailbreak them, package them, and then ship them on to other entities that resell them.
The percent that might want to choose a different-than-latest version of OS would also of course be quite small, but I suspect it would be orders of magnitude larger than the other group we're speaking of just because that group of people is going to be so absurdly tiny.
In this world stolen iPhones are mostly worthless because they can’t easily be wiped without the password.
In your world, they could be.
I imagine iPhone thefts would go way up. They’re worth $1000 and we just carry them everywhere - if they were easily resellble it would be a very obvious quick-money theft opportunity.
3 replies →
[dead]