(techcrunch.com)

286 points joegibbs | 1 comments | 15 Nov 24 01:55 UTC | HN request time: 0s | source

Show context

SoftTalker ◴[15 Nov 24 02:32 UTC] No.42143463[source]▶

If this is true, then it's a trivial enhancement to make that a configurable setting. 72 hours could be the default, if your security needs are higher, you could turn that down to 12 hours, or even less.

replies(5): >>42143486 #>>42143699 #>>42144046 #>>42144580 #>>42145188 #

threeseed ◴[15 Nov 24 04:49 UTC] No.42144046[source]▶

>>42143463 #

> If this is true, then it's a trivial enhancement to make that a configurable setting

It could be hard-coded into the Secure Enclave so it can't be disabled if the phone is jailbroken.

replies(1): >>42145494 #

saagarjha ◴[15 Nov 24 10:12 UTC] No.42145494[source]▶

>>42144046 #

A sufficiently powerful jailbreak would be able to override that.

replies(1): >>42146485 #

threeseed ◴[15 Nov 24 12:56 UTC] No.42146485[source]▶

>>42145494 #

Not aware of anyone being able to patch the Secure Enclave code to date.

replies(1): >>42147498 #

1. benmmurphy ◴[15 Nov 24 15:00 UTC] No.42147498[source]▶

>>42146485 #

there are public exploits to patch secure enclave code for some of the checkra1n devices. pongoOS uses the blackbird exploit on some models to remove a check that disables access to user data if the SEPOS boot code determines the phone has been DFU booted by checking the hardware TRNG state. https://github.com/checkra1n/PongoOS/blob/master/src/drivers...

↑

New Apple security feature reboots iPhones after 3 days, researchers confirm