NotebookCHECK - Notebook Forum

Governments and law enforcement around the world rejoice as they now have a new tool to plant illegal content, spyware, and malware to crush dissent, wrong think, and political opposition under the color of law. 

While I understand your concern, I guess Apple uses some access rights key to allow on air updates. Until the key falls into the hands of states or criminals, they would not get access. As soon as the key propagates outside Apple, the total security gap might be there indeed.

Robert, are you naive or are you deliberately playing the fool?
All asymmetric encryption systems used in a particular state are subject to state standards and obviously have a back door/back door for special services at the mathematical level.

This is the first.

Secondly, as practice has proven, leaks from manufacturers' websites lead to the possibility of massive attacks through such channels.

The entire edifice of modern "cryptography" is rotten to the core when it comes to the interests of the supreme kleptocracy in each country and in the world as a whole. And they, kleptocrats of all countries, certainly united on these issues.

Quote from: NikoB on April 10, 2024, 13:29:23All asymmetric encryption systems used in a particular state are subject to state standards and obviously have a back door/back door for special services at the mathematical level.

Please explain!

People not particularly fond of reading an article but are very trigger-happy to jump to conclusions, eh?

QuoteAnyone who buys an iPhone directly from Apple

QuoteApple has begun integrating a new system called "Presto" into Apple Stores.

They will get updated that way only in official Apple stores in near proximity of Apple's hardware while being on the shelf, similar to wireless charging. They won't get updated in Wallmart or wherever they sell iPhones. So if government wants to spy or whatever there are way easier methods to do that than to wait for Apple to add this to their official stores and then sneak in and hack the system (lol).

If wireless updating works within Apple stores, what prevents it from working elsewhere if a presumably necessary access rights key is already leaked?

Quote from: RobertJasiek on April 10, 2024, 15:12:59If wireless updating works within Apple stores, what prevents it from working elsewhere if a presumably necessary access rights key is already leaked?

Whitelisted devices (to make the update possible) which are whitelisted while being physically present inside of official Apple stores. If they get stolen you can bet that Apple is going to immediately blacklist them (and change potentially leaked keys). And who is going to steal the device; Best Buy so they can try to hack the device just to sell updated iPhones in their stores?

Check the video, it is well-explained here: PRESTO: Apple's New System for Updating iOS (https://www.youtube.com/watch?v=vdcMrfhrnAE)

Also the image from the article of the device with iPhones inside: https://www.notebookcheck.net/fileadmin/_processed_/f/c/csm_Apple_Presto_c10e2c5e3a.jpg (https://www.notebookcheck.net/fileadmin/_processed_/f/c/csm_Apple_Presto_c10e2c5e3a.jpg)

Quote from: Neenyah on April 10, 2024, 14:28:07People not particularly fond of reading an article but are very trigger-happy to jump to conclusions, eh?

QuoteAnyone who buys an iPhone directly from Apple

QuoteApple has begun integrating a new system called "Presto" into Apple Stores.

They will get updated that way only in official Apple stores in near proximity of Apple's hardware while being on the shelf, similar to wireless charging. They won't get updated in Wallmart or wherever they sell iPhones. So if government wants to spy or whatever there are way easier methods to do that than to wait for Apple to add this to their official stores and then sneak in and hack the system (lol).

I see what you're saying. What stands out to me is this. Whats to stop a bad actor giving someone a sealed, never before used, still packaged phone under the guise of trust to set someone up or spy on them?

If the technology exists and has been patented, then the govt has access to that patent. Throw in five eyes and other countries can benefit as well. The govt can  use the patent to create their own devices to update OSes, but their updates introduce malware, spyware, or more importantly illegal or questionable content/metadata that can then be "found" or "flagged" allowing for more intrusive surveillance or even prosecution and what is the defense going to be "I know its child porn and I know it shows I visited those sites but I didnt and I dont know how that got on my phone."

Its the OS that gets updated, so u can technically replace the entire OS with a facsimile without the user ever knowing or touching their personal content but that facsimile introduces those other nefarious things. You can even partition illegal content to prevent access/visibility to the owner so they will never know its there but can be found under scrutiny if investigators know where to look.

And most people sadly will gladly hand over their phone if they feel they have nothing to hide trusting in the altrusim of institutions they have been told since birth that are noble, honest, and the good guys.

Quote from: Neenyah on April 10, 2024, 15:41:43Whitelisted devices
[...] Check the video

While the video explains nothing, whitelisting can be a good concept. However, whitelisting can be implemented well or badly. Barcodes have been mentioned, but if that should be all for whitelisting, it is a very weak implementation because barcodes can be abused easily even if their source files do not leak. For a stronger implementation, the whitelisting certificates (and not just the device IDs) must be stored in the hardware and be safe against brute force. In that case, leaking from within Apple might be required. If managed properly, this would be hard. If managed poorly, it would only be a matter of time until desaster.

Yes Bizarro, I agree with your whole comment so I won't quote it whole to keep clarity here, but I'll quote just this part:

Quote from: Bizarro_NikoB on April 10, 2024, 16:43:51If the technology exists and has been patented, then the govt has access to that patent.

And that's exactly what I meant before with "if government wants to spy or whatever there are way easier methods to do that than to wait for Apple to add this to their official stores and then sneak in and hack the system".

So this, as it is now, is basically nothing different than it was before (because hacking servers where updates are "laying" is about equally easy as this here if there is involved someone with plenty of resource power behind such as government). It's still on people to judge for themselves how much do they trust Apple to keep the system safe (as they claim it to be).

Quote from: RobertJasiek on April 10, 2024, 16:48:56For a stronger implementation, the whitelisting certificates (and not just the device IDs) must be stored in the hardware and be safe against brute force. In that case, leaking from within Apple might be required. If managed properly, this would be hard. If managed poorly, it would only be a matter of time until desaster.

Correct, I agree.

Device A (the device where iPhones are stored and where they get updated while being sealed in the package) is whitelisted. iPhones have their IMEI and other serial numbers, codes and such, probably a lot of different thing that only Apple knows in detail.

Device B is also whitelisted. Device B gets compromised somehow (stolen, hacked into, you name it...). Apple can automatically simply block all iPhones which were ever stored inside of it, just like they can block stolen iPhones and basically render them completely unusable (brick them effectively), by those mentioned numbers (IMEI & co.).

And given the fact that Apple loves money more than anything it's safe to assume that this move was done after making sure that the system is as safe as possible because it's easier to invest a loooot of money into securing their own system than a looooooooot more money to replace all potentially tampered devices and most likely get huge amounts of lawsuits.

Quote from: Neenyah on April 10, 2024, 16:49:01Yes Bizarro, I agree with your whole comment so I won't quote it whole to keep clarity here, but I'll quote just this part:

Quote from: Bizarro_NikoB on April 10, 2024, 16:43:51If the technology exists and has been patented, then the govt has access to that patent.

And that's exactly what I meant before with "if government wants to spy or whatever there are way easier methods to do that than to wait for Apple to add this to their official stores and then sneak in and hack the system".

So this, as it is now, is basically nothing different than it was before (because hacking servers where updates are "laying" is about equally easy as this here if there is involved someone with plenty of resource power behind such as government). It's still on people to judge for themselves how much do they trust Apple to keep the system safe (as they claim it to be).

Ah, ok. Yeah we're on the same page then. I agree.

Quote from: Neenyah on April 10, 2024, 15:41:43Whitelisted devices (to make the update possible) which are whitelisted while being physically present inside of official Apple stores. If they get stolen you can bet that Apple is going to immediately blacklist them (and change potentially leaked keys). And who is going to steal the device; Best Buy so they can try to hack the device just to sell updated iPhones in their stores?

I had a good laugh. If there is a key, what the hell are whitelists? The phone itself checks the correctness of the key; it does not know about any lists. If the key is considered current on it (and it cannot be otherwise), it will allow an update to the wrong software signed with the stolen key. The phone doesn't know that the key was stolen. )))

This is exactly how a couple of years ago all the keys for signing BIOS on MSI laptops of dozens of series were leaked. If the owner has not updated the BIOS, he can easily correct the BIOS code and sign his version with this key. The BIOS chip will happily accept this code, without knowing anything that the keys were stolen from MSI.

If there is a non-updated phone in the warehouse, it does not know anything about any listings.

Now at the customs of even "free" and "democratic" countries, including the United States, there are totalitarian requirements to present a smartphone, as soon as it falls into the hands of customs officers with such a system, they can implant you with anything, having access keys. Breaking an Apple server, which could lead to a massive scandal? For what? When now you can individually do whatever you want with the phone of any victim, as soon as it fell into the hands of government agents for a while...

Quote from: NikoB on April 10, 2024, 20:21:21

Quote from: Neenyah on April 10, 2024, 15:41:43Whitelisted devices (to make the update possible) which are whitelisted while being physically present inside of official Apple stores. If they get stolen you can bet that Apple is going to immediately blacklist them (and change potentially leaked keys). And who is going to steal the device; Best Buy so they can try to hack the device just to sell updated iPhones in their stores?

I had a good laugh. If there is a key, what the hell are whitelists? The phone itself checks the correctness of the key; it does not know about any lists.

And yet again you demonstrate the lack of ability to read, to think and to understand, but at the same time you are an expert in pulling particular sentence or two out of context and then doing your own random rant about it.

Whitelisted devices which run Presto, you clown, that's what I'm talking about and that's been clear to everyone here but you (shocking). Not iPhones.

Quote from: NikoB on April 10, 2024, 20:21:21If there is a non-updated phone in the warehouse, it does not know anything about any listings.

See? Your brain is simply permanently turned off, there is no other explanation, lol.

WOW another reason to keep buying aPPLE garbage prodcuts for the Isheep

Neenyah, a slippery clown who prefers to avoid key topics and not respond to the point. =)

Quote from: NikoB on April 11, 2024, 13:03:00Neenyah, a slippery clown who prefers to avoid key topics and not respond to the point. =)

End your pathetic life for once, ok?

If you had a conscience, you would have committed suicide long ago.

Quote from: NikoB on April 11, 2024, 21:11:12If you had a conscience, you would have committed suicide long ago.

Nah, if I did who would show you over and over again how completely retarded you are? 🤨 Plus I have people who would miss me, unlike you.

I highly doubt that you have relatives who will miss you, troll.

See? I didn't mention relatives anywhere (doesn't matter if I have them or not), I said "people":

Quote from: Neenyah on April 11, 2024, 21:35:41Plus I have people who would miss me, unlike you.

Just for you, retarded and illiterate as you are, to read that word as relatives.

Quote from: NikoB on April 12, 2024, 15:50:04I highly doubt that you have relatives who will miss you, troll.

Meaning that it's actually you projecting and you are the one without them. But then again it's not really surprising given the fact that no one likes you so...

You see, stupid troll, I know for sure that normal people like me, because I've been on the forums for over 25 years. I emphasize normal. And I'm glad to help them. I don't care much about the rest, like you - you and others like you are like annoying insects, absolutely useless from the point of view of helping in the development of civilization.

But unfortunately we have to endure you like mosquitoes. Although mosquitoes at least provide benefits to the ecosystem as part of the food chain...

Quote from: NikoB on April 12, 2024, 21:57:52I know for sure that normal people like me, because I've been on the forums for over 25 years.

Like make fun of you, yeah.