Saagar Jha

(replying to Saagar Jha)
Apple seems to just categorically fail at threat models that involve themselves. I guess for iPhone you just suck it up and use it anyway but for this the whole point is that it’s supposed to be as secure as on-device computation so this is kind of important

Saagar Jha

(replying to Saagar Jha)
Even shelving insider threat, there are a lot of words for “we did TPM”. Which as everyone knows (at least, once @osy86 has done their job) is designed around a long chain of things that verify each other–and is only as secure as the weakest link.

Saagar Jha

(replying to Saagar Jha)
@osy86 To be 100% clear: you know how NSO or Cellebrite keep hacking iPhones? This thing is made so that if you do that to PCC, you get to see what is going on inside of it. And because of how TPMs work it will likely send back measurements to your phone that attest cleanly
1 replies →
1 replies

osy

(replying to Saagar Jha)

@saagar if Apple's "TPM" is the Secure Enclave Boot Monitor then your Cellebrite malware cannot corrupt the measurement without bypassing SCIP support.apple.com/guide/securi

1 replies →
1 replies

Saagar Jha

(replying to osy)
@osy86 Yes but if you exploit the measured software it’s not attesting what you care about

osy

(replying to Saagar Jha)

@saagar Yeah but see any such exploit would be found by external researchers and reported to Apple obviously

spv

(replying to osy)

@osy86 @saagar obviously, would never be sold in a shady deal to any government agencies or private companies the big guys use to escape blame (fine a few corps, execs face nothing, gov faces even more nothing)

oh wait

osy

(replying to osy)

@saagar in TPM parlance, Apple (only) implements a D-RTM, which does hardware enforcement to ensure measured code is what's executed

Saagar Jha

(replying to Saagar Jha)
@osy86 The “solution”, as far as I can tell, is that Apple thinks they would catch attempts to hack their servers. Oh yeah also hacking the server is hard because they used Swift and deleted the SSH binary. Not like they ship an OS like that already to a billion people
2 replies →
2 replies

osy

(replying to Saagar Jha)

@saagar I think their "solution" is "look if there's bug in our code, it would be found by the community" which assumes enough security researchers would care to "jailbreak" PCC servers

Saagar Jha

(replying to osy)
@osy86 Well that is part of it but also read the bits where they are like “oh you cannot do a targeted attack without hacking all our servers and we will probably catch you if you do that”

Saagar Jha

(replying to Saagar Jha)
@osy86 It is left as an exercise for the reader if you don’t want to do a targeted attack (?) or you do it so that they don’t catch you (???)

Dominic Hopton

(replying to Saagar Jha)

@saagar @osy86 Microsoft’s Azure Department would like to get in contact with them to sell them security!

Saagar Jha

(replying to Saagar Jha)
@osy86 Also other people have been grumbling about this but I’ll come out and say it: gtfo with your “auditability”. You don’t care about auditability. You care about your intellectual property. This blog post is hilariously nonsensical

Saagar Jha

(replying to Saagar Jha)
@osy86 You can’t say “researchers can inspect both hardware and software [for iPhone]” and then later go “this is the first time we are providing plaintext iBoot”. You made it difficult for researchers to do their job for *years*. Now suddenly they are providing a vital service?

Saagar Jha

(replying to Saagar Jha)
@osy86 Like, you decide to hand researchers a decrypted version (of what is still a binary blob, to be clear) the moment you needed to advertise that your cloud was safe and secure? What do you want, a medal?
3 replies →
3 replies

osy

(replying to Saagar Jha)

@saagar I know it's not your intention but I find it funny that all the messages look like they're addressed directly to me. Yes sir I will consult with Mr Cook and get back to you.

Saagar Jha

(replying to osy)
@osy86 Appreciate it

Thijs Alkemade

(replying to Saagar Jha)

@saagar They don’t have the budget for a code audit, so they crowdsource it. And they can just close all reports that require Apple to act maliciously as “Informative”.

spv

(replying to Saagar Jha)

@saagar @osy86 yes, i actually do want a medal, thank you.