Tim Mahoney

(replying to Saagar Jha)

@saagar overlooked by Apple. Unless the insinuation is that Apple purposefully left a vulnerability, which I’d find hard to believe.

You’re saying some sort of physical attachment to the hardware? I’m out of my area of expertise here, so I’m not sure what’s actually possible.

Saagar Jha

(replying to Tim Mahoney)
@_tim______ Not a vulnerability. This would be Apple acting intentionally to peek inside their servers

Ben!

(replying to Saagar Jha)

@saagar @_tim______

“Our threat model for Private Cloud Compute includes an attacker with physical access to a compute node and a high level of sophistication — that is, an attacker who has the resources and expertise to subvert some of the hardware security properties of the system and potentially extract data that is being actively processed by a compute node.”

Saagar Jha

(replying to Ben!)
@enefekt @_tim______ Yes it’s good that they understand the actual threats well but the problem is their threat model starts off with an attacker with problematic capabilities. Like, “we model an attack that can already access data” is…not what Craig is saying in interviews

Saagar Jha

(replying to Saagar Jha)
@enefekt @_tim______ Normally you have a threat model that’s like “we think an attacker has arbitrary read” (not a desirable end goal) and it ends with “we prevent them from getting code execution” (desirable end goal). They start from an unfortunate place

Saagar Jha

(replying to Saagar Jha)
@_tim______ @enefekt If someone said “our threat model is that an attacker has access to your iMessage conversations” and they went on to say “we think it’s hard for them to get a *specific* message from your phone, without exfiltrating all of them” you’d go “wtf”

Saagar Jha

(replying to Saagar Jha)
@_tim______ @enefekt You’d think that was an awful threat model–attackers have access already! But that’s exactly what they’re starting from here. And mind you, their protection is “we think we’d find them if they did a broad attack” not “it’s technically infeasible to do this”

Saagar Jha

(replying to Saagar Jha)
@_tim______ Like, Apple is selling that they are better than their competitors because even though their competitors can put “we don’t look at your data” in their privacy policy they can do it anyways. But Apple can also do the same thing

Tim Mahoney

(replying to Saagar Jha)

@saagar I believe they’re saying they _can’t_ do the same thing, but I might be wrong.

Saagar Jha

(replying to Tim Mahoney)
@_tim______ Their advertising says this. Their blog post does not corroborate it