I'm pointing out my conclusion: nothing is safe... yikes!
And no, I'm not worried that because of this article anyone can keylog my stuff. It's the realization from OPs summary that there are many attack vectors, and vulnerabilities hiding in and between layers and components. iPads are no different in that respect.
Seriously, how do we get passed the current state of zero-days and major vulnerabilities cropping up on the reg?
Some ideas from other commenters here aren't entirely convincing to me: require open source, require software standards (both of which would need to apply to hardware/silicon as well). I'm honestly looking for some thoughts on how to build a more secure digital future (Links to articles or studies are welcome).
But really, I think some perspective is needed on what is "safe". Is riding in a car "safe"? Is eating food from the supermarket "safe"? Can you ABSOLUTELY GUARANTEE that it's IMPOSSIBLE to screw it up? How did my parents survive for 60 years under these UNSAFE conditions?
I think electronic devices can be pretty damn safe, even without totally locked-down firmware and secure-boot. They can be flashed with low-level firmware at the hardware level (SPI or JTAG or similar), then boot trusted install media, wipe the mass storage and install fresh.
Then, keep it minimal, keep it under control. Don't install and use 20k components/libraries which you are not familiar with and of which hundreds want to update every other day. At least, be familiar with all the processes and daemons running. Either you should know why they're there, or they should not be there. You don't need a firewall if no process is listening for connections (and if you need a firewall to block it, why are you running it ?!) Just run less junk.
Programs are riddled with mistakes. Just because you can point a finger and say zero-day, doesn't mean that there's a single solution to this problem. Nothing _is_ safe; life is inherently unsafe.
And no, I'm not worried that because of this article anyone can keylog my stuff. It's the realization from OPs summary that there are many attack vectors, and vulnerabilities hiding in and between layers and components. iPads are no different in that respect.
Seriously, how do we get passed the current state of zero-days and major vulnerabilities cropping up on the reg?
Some ideas from other commenters here aren't entirely convincing to me: require open source, require software standards (both of which would need to apply to hardware/silicon as well). I'm honestly looking for some thoughts on how to build a more secure digital future (Links to articles or studies are welcome).