So the exploiters have deprecated that version of spyware and moved on, I see. This has been the case every other time. The state actors realize that there are too many fingers in the pie (every other nation has caught on), the exploit is leaked and patched. Meanwhile, all actors have moved on to something even better.
Remember when Apple touted the security platform all-up and a short time later we learned that an adversary could SMS you and pwn your phone without so much as a link to be clicked?
KISMET: 2020, FORCEDENTRY: 2021, PWNYOURHOME, FINDMYPWN: 2022, BLASTPASS: 2023
Each time NSO had the next chain ready prior to patch.
I recall working at a lab a decade ago where we were touting a full end-to-end exploit chain on the same day that the target product was announcing full end-to-end encryption -- that we could bypass with a click.
It's worth doing (Apple patching) but a reminder that you are never safe from a determined adversary.
Theoretical question. How much more secure will a Linux device be which uses a phone as a dumb Internet provider?
There is one non-technical countermeasure that Apple seems unwilling to try: Apple could totally de-legitimize the secondary access market if they established a legal process for accessing their phones. If only shady governments require exploits, selling access to exploits could be criminalized.
Thanks for contributing to our increasing lack of security and anonymity.
as a mobile dev this is a weird thing to internalize. you build your whole security model on "trust the platform" and there's not much you can do if the OS itself is compromised. you can encrypt at rest, minimize permissions, avoid caching sensitive data, but at some point you're just hoping the OS underneath you isn't pwned.
the KISMET through BLASTPASS progression is sobering. it's basically a new chain every year.
>It's worth doing (Apple patching) but a reminder that you are never safe from a determined adversary.
I hate these lines. Like yes NSA or Mossad could easily pwn you if they want. Canelo Alvarez could also easily beat your ass. Is he worth spending time to defend against also?
and if you point out that Apple's approach is security by obscurity with a dollop of PR, you get downvoted by fan bois.
Apple really need to open up so at the very least 3rd parties can verify integrity of the system.
How much do you think Lockdown Mode + MIE/eMTE helps? Do you believe state actors work with manufacturers to find/introduce new attack vectors?