An iOS hacker's response to Apple vs. FBI
An interesting article by Will Strafach (@chronic), a mobile security expert and legendary iOS hacker, covering several points about the Apple vs. FBI dispute that is currently being widely discussed.
3. Although the passcode attempt counter on the iPhone 5c can be handled without much work, the FBI request to allow it to electronically make passcode attempts is a considerable issue. This would specifically require Apple to modify the source code of SpringBoard (which powers the lock screen) to specifically add code that enables this capability, and sign it with the company’s production certificate so that the device will run the code. The reason Apple stresses that this is a “backdoor” in its statement is because the order is specifically requesting that Apple make a modification that serves no purpose other than to weaken iOS security by allowing brute force attempts. As touched upon in point #2, this will look horrible for Apple if it complies.
4. Here’s something pretty vital that no one has mentioned yet: The custom signed RAM disk that the FBI is requesting will not be possible to boot using the regular TSS restore servers, which check the validity of firmware files that are being loaded during each restore.
To allow restoration to a custom firmware, Apple would need to either: (a) make changes to the way its restore server works for this specific case, potentially causing major security concerns if any sort of mistake is made (which could make this an unreasonable / burdensome request), or (b) bring the device onto its internal network and load the firmware using the restore server used internally, since it can be assumed that such an in-house server exists for the purpose of restoring to unreleased firmware versions.
The full article can be read here.