Reply to post:

Got a pre-A12 iPhone? Love jailbreaks? Happy Friday! 'Unpatchable tethered Boot ROM exploit' released

Any other name

How do you guarantee the legitimate owner full access to replace the OS etc. without also opening the door for bad guys who have physical access to it (i.e. at the border, when you are arrested, etc.) doing the same? It's not really a solvable problem ...

The problem is trivially solvable, and is in principle solved in every single UEFI BIOS implementation on every PC made within the last 10 years. The reason Apple can update the OS and you can't is simple: the boot sequence is designed to check a cryptographic signature of the boot image it loads, and Apple keeps the signing keys to itself. Technically, there is no reason why the initial boot can't also check for multiple, user-configurable signature keys. The access to these boot keys can be protected by a password or preferably by a user-generated public key. All necessary keys can be held in a secure storage - which is already present in most smartphones. Now the user (or the user's technical support) can have the unfettered access to their property - while those who don't have keys still can't. If the user wants to surrender the control permanently, setting the control public key to a random value would do it - while the baked-in Apple key would still allow its updates to flow.

Technically, there is nothing stopping Apple from implementing this approach on their devices.
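
The scheme described in this comment, sketched as an added example (not part of the original comment, and not Apple's or any UEFI vendor's code): the boot check accepts the baked-in vendor key or any owner-enrolled key, and enrollment is gated by the owner's control key. The `KeyStore` layout, the `enroll:` request format, the choice of Ed25519 and the fixed-seed demo keys are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)
// KeyStore models the secure storage from the comment; the field layout is assumed.
type KeyStore struct {
	Vendor, Control ed25519.PublicKey   // baked-in vendor key; owner's control key
	BootKeys        []ed25519.PublicKey // owner-enrolled boot-image signing keys
}
// VerifyBoot accepts an image signed by the vendor key or by any enrolled boot key.
func (s *KeyStore) VerifyBoot(image, sig []byte) bool {
	for _, k := range append([]ed25519.PublicKey{s.Vendor}, s.BootKeys...) {
		if ed25519.Verify(k, image, sig) {
			return true
		}
	}
	return false
}
// Enroll adds a boot key only if the request is signed by the control key.
func (s *KeyStore) Enroll(newKey ed25519.PublicKey, auth []byte) bool {
	ok := ed25519.Verify(s.Control, append([]byte("enroll:"), newKey...), auth)
	if ok {
		s.BootKeys = append(s.BootKeys, newKey)
	}
	return ok
}
// Surrender overwrites the control key with random bytes, so no one can enroll again.
func (s *KeyStore) Surrender() { s.Control = make([]byte, ed25519.PublicKeySize); rand.Read(s.Control) }
// key builds a constructed demo key from a fixed seed byte (real keys must be random).
func key(id byte) ed25519.PrivateKey { return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{id}, 32)) }
func pub(k ed25519.PrivateKey) ed25519.PublicKey { return k.Public().(ed25519.PublicKey) }
func Demo() []bool { // runs the scenario on constructed keys and a constructed image
	vendor, control, owner, other := key(1), key(2), key(3), key(4)
	s := &KeyStore{Vendor: pub(vendor), Control: pub(control)}
	img, req := []byte("constructed boot image"), append([]byte("enroll:"), pub(owner)...)
	r := []bool{
		s.VerifyBoot(img, ed25519.Sign(vendor, img)),     // vendor-signed image boots
		s.VerifyBoot(img, ed25519.Sign(owner, img)),      // refused: owner key not enrolled yet
		s.Enroll(pub(owner), ed25519.Sign(other, req)),   // refused: not signed by control key
		s.Enroll(pub(owner), ed25519.Sign(control, req)), // owner authorises a new boot key
		s.VerifyBoot(img, ed25519.Sign(owner, img)),      // owner-signed image now boots
	}
	s.Surrender() // after this, the same valid request fails but vendor updates still verify
	return append(r, s.Enroll(pub(owner), ed25519.Sign(control, req)), s.VerifyBoot(img, ed25519.Sign(vendor, img)))
}
func main() { fmt.Println(Demo()) }
```

A production design would also bind a counter or nonce into the enrollment request so that an old authorisation cannot be replayed.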

Biting the hand that feeds IT © 1998–2019