←back to thread

New Apple security feature reboots iPhones after 3 days, researchers confirm

(techcrunch.com)
286 points joegibbs | 8 comments | 15 Nov 24 01:55 UTC | HN request time: 0.839s | source | bottom
Show context
arcticbull ◴[15 Nov 24 03:08 UTC] No.42143642[source]
Periodic reboots are actually a PCI requirement for payment terminals heh, basically every point of sale on the market reboots every 24h.
replies(5): >>42143696 #>>42143718 #>>42143892 #>>42144077 #>>42144547 #
Gigachad ◴[15 Nov 24 03:21 UTC] No.42143696[source]
Seems like a good defence in depth strategy. These days most systems have a pretty good boot chain security, so after a reboot you know the system is in a valid state and any potential malicious changes have been flushed out.
replies(5): >>42144335 #>>42144436 #>>42144554 #>>42144910 #>>42147261 #
1. raverbashing ◴[15 Nov 24 06:41 UTC] No.42144436[source]
But wait for security cargo-culters call it "security by obscurity"
replies(3): >>42144463 #>>42145136 #>>42145456 #
2. ip26 ◴[15 Nov 24 06:47 UTC] No.42144463[source]
All that private key nonsense falls in this bucket as well. What else is a private key than an attempt to guard your system behind a thin veil of "an obscure number I know and you don't"? Classic security by obscurity.
replies(2): >>42144928 #>>42144993 #
3. portaouflop ◴[15 Nov 24 08:27 UTC] No.42144928[source]
So everything is security by obscurity?
replies(1): >>42145348 #
4. raverbashing ◴[15 Nov 24 08:40 UTC] No.42144993[source]
Officially no, as one (or more secrets) are allowed

But given how some "security specialists" behave, I wouldn't put it past them

5. mmcnl ◴[15 Nov 24 09:06 UTC] No.42145136[source]
Nothing wrong with security by obscurity. It's widely used and it is effective. Security is security. Usually there are easier and more effective methods though, so if it's your only security layer then you might have missed a few things.
replies(1): >>42145991 #
6. rikkert ◴[15 Nov 24 09:45 UTC] No.42145348{3}[source]
always has been...
7. saagarjha ◴[15 Nov 24 10:04 UTC] No.42145456[source]
Sounds like that's just you.
8. rileymat2 ◴[15 Nov 24 11:34 UTC] No.42145991[source]
The main reasonable criticism would be that it obscures the things you missed from naive audits while still being accessible by an attacker. So you hide the issue from the "good guys" while not baring much entry by the "bad guys". I have seen this pattern emerge many times, because what is obscure to you may not be obscure to someone else. So it /causes/ you to miss things.