Reverse Engineering iOS 18 Inactivity Reboot

(naehrdine.blogspot.com)

511 points moonsword | 2 comments | 17 Nov 24 21:50 UTC | HN request time: 0.625s | source

Show context

Shank ◴[18 Nov 24 09:31 UTC] No.42170993[source]▶

To me the biggest takeaway is that Apple is sufficiently paranoid to add this feature. Some people (like John Gruber) advocate for activating bio lockout at the border by squeezing the volume and power buttons. I would say if you’re the type of person who would do this, you should go one step further and power off.

Similarly, if you’re in a situation where you cannot guarantee your phone’s security because it’s leaving your possession, and you’re sufficiently worried, again, power off fully.

replies(6): >>42171295 #>>42171375 #>>42171383 #>>42171541 #>>42172129 #>>42173509 #

maccard ◴[18 Nov 24 11:36 UTC] No.42171541[source]▶

>>42170993 #

> I would say if you’re the type of person who would do this, you should go one step further and power off.

I'd travel with a different device, honestly. I can get a new-in-box android device for under £60 from a shop, travel with that, set it up properly on the other side, and then either leave it behind or wipe it again.

replies(1): >>42172155 #

wutwutwat ◴[18 Nov 24 13:34 UTC] No.42172155[source]▶

>>42171541 #

The £60 burner sounds like a leader on the device security front. No way it could possibly be running an ancient version of android that is no longer getting security patches, or is hacked up to shit by the device manufacture to reskin it and install their vulnerable suite of bloatware, or built off of a base os and firmware flocked to by folks for its ease of being able to gain root access/root it and run whatever you want at the kernel level.

replies(2): >>42172283 #>>42172381 #

maccard ◴[18 Nov 24 14:08 UTC] No.42172381[source]▶

>>42172155 #

There’s no guarantee your $1000 flagship isn’t doing that either.

I chose it because it’s a mainstream provider (Nokia) readily available running a supported version of android (12).

If you want to install a custom rom, you can get an older flagship (galaxy s9) and flash it for about the same price.

My point is if your threat model is devices seized at border, then a burner phone is far more suitable for you than a reboot.

replies(1): >>42174704 #

wutwutwat ◴[18 Nov 24 17:31 UTC] No.42174704[source]▶

>>42172381 #

levels of trust. I have more trust in the largest most heavily scrutinized device manufacture making an attempt at security than I do with a rando burner device reseller. To be clear, I don't trust either fully, but one has way less trust than the other

replies(2): >>42175079 #>>42181236 #

avianlyric ◴[18 Nov 24 18:07 UTC] No.42175079[source]▶

>>42174704 #

The whole point of a burner is that you don’t trust it. You only store what you absolutely need to store on there, if anything, and basically assume it’s compromised the second it leaves your sight.

The advantage of a burner phone is that it can’t contain anything important, because you’ve never put anything important on it, or connected it to any system that contains important data. So it doesn’t really matter if it’s compromised, because the whole point of a burner, is that it’s so unimportant you can burn it the moment it so much as looks at you funny.

replies(1): >>42177739 #

1. wutwutwat ◴[18 Nov 24 22:21 UTC] No.42177739[source]▶

>>42175079 #

Something a lot of people don't really consider is that people who are doing things that could get them unwanted attention, they wouldn't have incriminating evidence on any device, burner or otherwise. So the theoretical ways around not getting busted, like using a burner, are for movie villains and bond type secret agents. Real criminals (smart ones anyway) aren't conducting anything important over any network, be it ip, telephony, morse code, smoke signal, or otherwise, regardless of the burn-ability of the device they would be using to do so

replies(1): >>42181268 #

2. maccard ◴[19 Nov 24 08:47 UTC] No.42181268[source]▶

>>42177739 (TP) #

That’s why I chose a low end mass market smartphone as my example.

My wife works for the government in a low level role that involves some amount of travel to local authorities (other major areas in Scotland). She has a phone, and strict instructions to never carry it across the border ofmany countries (as a blanket policy). They’re told they’ll be provided a device for travelling and not to install any work apps on it. It’s basic security - don’t travel with information that you can lose control over.

↑