
And yet even the best of the best cryptographic protocols provide little to no value on very insecure systems like iPhone and Android.

It's like bike shedding of security, where Moxie focuses on the things he can do but for the systems where it doesn't matter.




I find it odd that someone would say an iPhone is “very insecure” after the USG, of all players, very publicly couldn’t get into a model from right before the security design hardened, not to mention the also very public panic in the IC about losing access to intelligence due to mobile phone developments. That’s a strange position to tout with the underlying implication that PC platforms are better.

Are you broadening “insecure” to mean “centralized, opinionated security architecture designed for tech-illiterate masses that I don’t like?” Because that isn’t what it means.


Very secure means high-assurance for both hardware and software; very insecure means no assurance for either hardware or software, with control over the system belonging to multiple third parties and whatnot, basically consumer stuff. And the threat model for this consumer stuff just doesn't include an adversary capable of intercepting all of your communication and cracking less secure protocols; this is just silly. Because with such a level of capabilities an adversary can just target a whole bunch of third parties that have control over your system, penetrate one of them and push a fake update to your system with screen-grabbing malware or whatever. By the way, this is an example of a real-world attack.


I thought that ended with the government getting into the phone using an exploit, just without forcing Apple's cooperation.


Hence the hardened part. That exploit doesn’t work against any later model, and they spent a lot of money to get into that particular phone. Even with that observation, how can one claim “very insecure?” Do you think it’s that difficult to compromise a PC with physical access? What does secure even mean to people any more?

I trust my phone a hell of a lot more than any general purpose computing platform, and I’d say the same if I owned any number of a significant collection of Android devices. This isn’t phone vs. phone advocacy, just annoyance at opinions that people disingenuously consider factual, useful observations on security.


Only after they paid an Israeli security company for a 0-day vulnerability, which allegedly cost north of $1m.

Interested to know how that amount compares to other OSes, I really don't know what the going rate is on Windows/Linux.


And this was a vulnerability that concerned an iPhone 5c, which did not have a secure enclave. The iPhone 5s was the first model with Touch ID and a secure enclave.

https://www.extremetech.com/mobile/226164-fbis-iphone-hack-l...


I would question how much of this was not being able to get into it and how much was a platform for "we need backdoors into everything".


Ever ask yourself why they did this "very publicly"?


To convince Congress to legislate a backdoor.

There are very logical and reasonable reasons for them to advocate publicly. Not everything is a conspiracy.



