←back to thread

286 points joegibbs | 4 comments | | HN request time: 0.849s | source
Show context
SoftTalker ◴[] No.42143463[source]
If this is true, then it's a trivial enhancement to make that a configurable setting. 72 hours could be the default, if your security needs are higher, you could turn that down to 12 hours, or even less.
replies(5): >>42143486 #>>42143699 #>>42144046 #>>42144580 #>>42145188 #
1. threeseed ◴[] No.42144046[source]
> If this is true, then it's a trivial enhancement to make that a configurable setting

It could be hard-coded into the Secure Enclave so it can't be disabled if the phone is jailbroken.

replies(1): >>42145494 #
2. saagarjha ◴[] No.42145494[source]
A sufficiently powerful jailbreak would be able to override that.
replies(1): >>42146485 #
3. threeseed ◴[] No.42146485[source]
Not aware of anyone being able to patch the Secure Enclave code to date.
replies(1): >>42147498 #
4. benmmurphy ◴[] No.42147498{3}[source]
there are public exploits to patch secure enclave code for some of the checkra1n devices. pongoOS uses the blackbird exploit on some models to remove a check that disables access to user data if the SEPOS boot code determines the phone has been DFU booted by checking the hardware TRNG state. https://github.com/checkra1n/PongoOS/blob/master/src/drivers...