Domain: theiphonewiki.com
Stories and comments across the archive that link to theiphonewiki.com.
Comments · 22
-
Re:Not really a surprise
Following up to my own post: OK, it's not (don't)TrustZone but a distinct processor. Well done Apple for doing it properly (although this ref then claims it's just TrustZone, which doesn't seem to be the case). I'm assuming the guy found a flaw in the SEP, which for example has its own I/O lines for GPIO, SPI, I2C, etc, so you've got a large attack surface and direct access to the CPU.
From what I understand from previous flame-wars on the subject, it is NOT TrustZone-based, but rather completely home-grown by Apple. Since Apple has an Architecture-level license with ARM (one of the few companies that do), they can pretty much do what they please inside of even the ARM core, let alone any peripheral subsystems.
-
Is this all iPhones, or just iPhones 5s?
-
Re:Several things
I remember when iOS was less popular the fanboys were all saying it was impervious to viruses and hacking! I have to admit (not to my credit)
...
Apple tries very hard that it is.
You know, every App is Sandboxed in a changeroot and runs with its own user/group id.
Only exploitable bugs and most often only on jailbroken devices lead to such weaknesses.
See: https://www.theiphonewiki.com/...
And calling one a fanboi just because he uses iOS/macOS is plain stupid IMHO.
I did enjoy rubbing it in their face later.
So I really wonder what you rubbed into their face?
-
Re:Why do we care?
That doesn't appear to be true. Although it does appear to be a common belief amongst Apple fans.
-
The title of this article is wrong!
Nicola Hahn is incorrect. No one has stated that Apple has the ability to, "remotely update code on a device automatically, without user intervention". The method by which the device would be updated requires DFU (Device Firmware Upgrade) mode, physical possession of the device and a USB connection to a PC/Mac: https://www.theiphonewiki.com/... Way to grab a headline, though...
-
Re:Can someone explain why the FBI needs Apple?
running it in some kind of emulator wouldn't be possible due to its full disk encryption, which uses the UID key making it impossible to clone.
If you're interested in how the hardware-driven encryption works in current versions of iOS: Why can't Apple decrypt your iPhone?
-
Re:It's a trap!
You can not update a locked phone
Look carefully at what the FBI is requesting. They want software that runs from RAM, loaded via the DFU. The DFU, or Device Firmware Update, is a special bootloader designed to be used at the factory for programming. It's a common feature with ARM processors, and usually burned into a ROM somewhere so that software can be loaded at the factory without a special programmer using existing ports.
If you check the instructions for accessing the DFU (hold some buttons while turning the device on), you can see that no pass code is needed. Obviously the flash memory is encrypted so you can't do an OS update, but you can load arbitrary code into RAM and execute it. That means you can update the software on the Secure Enclave to remove the delays between PIN attempts and the attempt limit, and then execute a brute force attack, all in RAM.
The FBI has found a way in, they just want Apple's help to exploit it. They know Apple can do it, because Apple has demonstrated the ability to update the Secure Enclave firmware in the past, and the DFU is well documented. It's just a genuine security screw-up on Apple's part.
-
Re:Like hell I'd allow an iPhone on my network
I've been using Meraki MDM for a bit over a year now for managing my own devices, and have been quite pleased so far.
Sadly about a year back Cisco acquired them so there have been some changes in pricing and scope, but the free standard version is still available even if slightly hidden (most 'try now' links go to the enterprise signup page)
It now manages Cisco APs, Cisco switches, MDM, and a bit more random stuff.
Their main page is: https://meraki.cisco.com/
MDM specific info is at: https://meraki.cisco.com/solut...
Standard version signup is at: https://meraki.cisco.com/form/...
Note that they now offer two versions, standard and enterprise. Feature wise they are pretty identical except for technical support.
Standard is free for up to 50 devices, then device 51 and after will run you $1/device/month.
I've no idea the pricing details on enterprise, other than the 30 day trial involves them sending you an access point that works with it. I assume even device #1 has a monthly cost.
-
If you run Spiceworks, their latest major-version provides basic access to MDM for free through IBM's MaaS360.
They have a free version that adamantly doesn't have near enough features, and a paid version that is $3/device/month.
The paid version has all the features of IBM's branded version, but is a little cheaper per device.
http://www.spiceworks.com/free...
-
If you want free and DIY, check out the "iPhone Configuration Utility" (mac/win versions available from apple) that let you create your own policy files - but you need to get them onto each iPhone "manually".
By manual this can be as easy as an email attachment or wifi-portal webpage download or something.
For devices you purchase and allocate to staff this is usually fine, but BYOD can be a problem without incentives for the user to install the profile themselves.
I used this method at work since I only had two profiles available then.
To get on the wifi network you needed to install our wifi profile, which grants access to the network and then enforces the network policy.
They didn't HAVE to install this policy, but then no wifi access at all.
I have a second profile to setup Cisco VPN client settings for users with VPN access, but my profile is more akin to a .PCF config (shared secret and IP stuff users don't need to worry about) and nothing else, so it just saves some typing for them. Not much arm twisting needed here.
http://theiphonewiki.com/wiki/...
(Download links at the bottom of this wiki, or just use Google)
-
Sadly all other MDM platforms I evaluated over a year ago either no longer exist or in the 'rather expensive' category.
The list I used at the time for the higher end providers was http://www.enterpriseios.com/w...
I found 2-3 good gems in that list at the time (Meraki and MaaS360/Spiceworks being the best priced then)
Might still be worth a look for you.
-
Re:Physical Access
Physical access to a device allows for far too many attack vectors to protect against. News at 11
I think the issue here is that 'plausible, easy-to-engineer, physical access allows a demonstrated attack against a device'.
Also, at an architectural level, having an idevice plugged in is much closer to having a network connection to a computer than it is to having 'physical access'. It's a bit weirder than a pure USB network adapter; but it's essentially a chat, over TCP, with a remote computer, not total control over a USB MSC device or something of that flavor.
-
Re:why does your phone need software running on yo
I'm surprised that nobody makes a replacement application. I remember virtually having to buy one for my NJ3 years back because the OEM software was so bad.
If memory serves, older flavors of iPod were more or less equivalent USB mass storage devices, though they required media files to be stored in a specific arrangement and a little database file to be uploaded, so you needed a utility of one sort or another to do transfers (you could drag and drop; but the device wouldn't do anything useful with files added that way).
For the iDevices that Apple actually cares about (ie. not the 'classic') the situation is a bit weirder and more complex: it strongly resembles TCP-over-USB. On top of that, all kinds of behavior has been implemented. As the latter link suggests, there has been some work on the matter; but it's a relatively complex beast (which Apple has no particular compunction about changing as it suits them).
-
Re:Just as planned
Can I install a custom IOS or Android ROM on the hardware?
Yes, Android and Linux both, and a jailbroken iOS version is custom, just not as customized as you can make a Linux kernel.
... Well it appears you can't do whatever you want. Don't mistake the pitiful increase in rights "jailbreaking" an iPhone gives you for freedom, you are still bound to Apple. With Jailbreaking you're breaking out of your cell, but you're still inside the prison walls.
Apparently, I'm out of the cell, the walls, and even the grounds.
Sure you can. Sorry to burst your bubble of Apple hate.
Got anything newer than the iPhone 3G? Apple locked the bootloader with the second revision of the 3G. So if you've got a 3G, 3GS, 4, 4S or 5, I'm 100% correct.
Wrong again - iDroid runs on 3G/3GS and work is in progress on the 4. Check the links. Or here, for the truly lazy
Thank you, It's nice to receive 3 consecutive "I was wrong" awards.
FTFY
-
Re:Just as planned
You can still jail break your brand new iPhone in 2012 and do whatever you want.
Can I install a custom IOS or Android ROM on the hardware? No you say. Well it appears you can't do whatever you want. Don't mistake the pitiful increase in rights "jailbreaking" an iPhone gives you for freedom, you are still bound to Apple. With Jailbreaking you're breaking out of your cell, but you're still inside the prison walls.
Sure you can.
Sorry to maintain your bubble of Apple logic.
Got anything newer than the iPhone 3G? Apple locked the bootloader with the second revision of the 3G.
So if you've got a 3G, 3GS, 4, 4S or 5, I'm 100% correct.
Also, there were not custom IOS ROMs in your post, they were all Android or Linux.
Thank you, It's nice to receive my 350th consecutive "I was right" award.
-
Re:Just as planned
You can still jail break your brand new iPhone in 2012 and do whatever you want.
Can I install a custom IOS or Android ROM on the hardware? No you say. Well it appears you can't do whatever you want. Don't mistake the pitiful increase in rights "jailbreaking" an iPhone gives you for freedom, you are still bound to Apple. With Jailbreaking you're breaking out of your cell, but you're still inside the prison walls.
-
Occam's Razor
So is Apple going to explain why they gave all the UDID of their devices to the FBI?
I know everybody's racing to see conspiracy here -- and that may well end up being the case -- but there might be a simpler explanation for how the FBI got these: From sniffing open WiFi hotspots.
It's possible that the Bureau, perhaps in cahoots with other three-letter agencies, exploited an undisclosed bug that produced the UDID (the technical composition of which is well documented). If so, it wouldn't be any great feat of science to sniff common open-air networks at places like Starbucks, airports, hotels. That's how I'd do it.
-
Re:And the use of a UDID?
So what can you do with an Apple UDID?
Yeah that's a good question. As to what a UDID is:
http://theiphonewiki.com/wiki/index.php?title=UDID
UDID = SHA1(serial + IMEI + wifiMac + bluetoothMac)
So it's not much more than a checksum of the serial num and the various RF ids. So given 5 pieces of information, the UDID is what amounts to a checksum of the other 4 parts proving that row of the database has no errors.
What it is, does not superficially seem to help much with what they do with it, but maybe it helps a little in isolating what it isn't (it isn't, for example, the itunes CC number for the account, or the owners SS number, so there's no point discussing those type of issues)
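The formula quoted in the post above, carried into working code as an added example (not from the wiki page or the commenter). It assumes the four fields are concatenated as plain strings with no separator, which the post does not specify, and uses a constructed sample record rather than a real device's values.

```python
import hashlib


def compute_udid(serial: str, imei: str, wifi_mac: str, bt_mac: str) -> str:
    """UDID = SHA1(serial + IMEI + wifiMac + bluetoothMac), per the post.

    Assumption: plain concatenation, no separators, MACs written as they
    are printed (lowercase, colon-separated). Returns 40 lowercase hex chars.
    """
    material = (serial + imei + wifi_mac + bt_mac).encode("ascii")
    return hashlib.sha1(material).hexdigest()


def record_is_consistent(record: dict) -> bool:
    """Treat the UDID as the checksum the post describes: recompute it from
    the other four columns and compare with the stored value."""
    expected = compute_udid(record["serial"], record["imei"],
                            record["wifi_mac"], record["bt_mac"])
    return record["udid"] == expected


# Constructed sample record; none of these values belong to a real device.
SAMPLE = {
    "serial": "C8QABCD1EFGH",
    "imei": "012345678901234",
    "wifi_mac": "00:23:6c:aa:bb:cc",
    "bt_mac": "00:23:6c:aa:bb:cd",
}
SAMPLE["udid"] = compute_udid(SAMPLE["serial"], SAMPLE["imei"],
                              SAMPLE["wifi_mac"], SAMPLE["bt_mac"])


def tampered_record_fails() -> bool:
    """A single changed IMEI digit must break the row's consistency check,
    which is what makes the UDID useful as a checksum and useless for
    recovering any of its inputs on its own."""
    bad = dict(SAMPLE, imei="012345678901235")
    return not record_is_consistent(bad)


if __name__ == "__main__":
    print("sample UDID:", SAMPLE["udid"])
    print("row consistent:", record_is_consistent(SAMPLE))
    print("tampered row rejected:", tampered_record_fails())
```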
-
Re:It probably won't make a difference, but...
Fair enough on the open part - it wasn't published (FaceTime). But, an analysis shows that all protocols used under the covers are open standards and well-vetted. iMessage uses similarly well vetted technology. That's not true with Skype's protocol stack, not to mention the history etc that remains out there.
-
Re:aaaand...
They can't prevent jailbreaking on current devices except the iPad 2 (as it doesn't have the exploit). From what I understand, geohot's limera1n exploit is not patchable. http://theiphonewiki.com/wiki/index.php?title=Limera1n
-
Re:Or could it be...
I figured they were waiting for SHAtter to finally be disclosed so they could fix the bootrom, thus making the white iPhone 4 invulnerable to jailbreaking. For a time.
Since SHAtter wound up going undisclosed, now they're in a pickle. Either they go around fuzzing the USB ports looking for the SHAtter vulnerability themselves, which is time consuming, and gives no clear indication that they found the exact same vulnerability that pod2g found, or they find a way to bait the iPhone devs into tipping their hands and disclosing SHAtter.
That whole scenario would take many months to play out, as the iPhone devs have proven to be far more patient after what happened with the iPhone 3G[s] bootrom.
-
Exclusive Chip Identity Number
From their statement: "each iPhone contains a unique Exclusive Chip Identification (ECID) number that identifies the phone to the cell tower. With access to the BBP via jailbreaking, hackers may be able to change the ECID, which in turn can enable phone calls to be made anonymously (this would be desirable to drug dealers, for example) or charges for the calls to be avoided. If changing the ECID results in multiple phones having the same ECID being connected to a given tower simultaneously, the tower software might react in an unknown manner, including possibly kicking those phones off the network, making their users unable to make phone calls or send/receive data. By hacking the BBP software through a jailbroken phone"
I don't know who came up with this, but it is false on so many levels. The ECID is an Apple proprietary number that is used by Apple's servers to identify the phone and firmware. The tower couldn't care less about it. The tower uses the information on the SIM card that identifies a particular subscriber, and to a lesser extent, the IMEI (International Mobile Equipment Identity). If you alter the SIM information, authentication will fail and you will be unable to make or receive calls. If you alter the IMEI, you may be able to pretend you're using a different phone, but you'll still be identified as the same subscriber. This is not even the least bit of anonymity. If two subscribers claim to have the same IMEI, it shouldn't really confuse the system much, because it is only used by a module called the EIR (Equipment Identity Register) which is used to blacklist phones. The idea being if you tell the cell phone company that your phone was stolen, they can render it so the phone will never again work on their network, even if the thief puts in a new SIM card. So all the EIR should do is, "Is this equipment alright by me? if yes, go right ahead."
-
Assholes!
The Exclusive Chip Identifier? Aka the ECID?
That thing was added solely to make it harder to unlock the phone for other carriers!
-
Re:I think I've seen this before