
A Hardware Privacy Monitor for iPhones - Tomte
https://www.schneier.com/blog/archives/2017/09/a_hardware_priv.html
======
3JPLW
Actual paper is buried two links deep and currently seems to be unavailable.
Here's the archived copy:

[http://archive.is/0sxuT](http://archive.is/0sxuT)

[https://www.pubpub.org/pub/direct-radio-
introspection](https://www.pubpub.org/pub/direct-radio-introspection)

~~~
PhantomGremlin
Thank you for the archive link!

There is apparently no sense of irony in asking us to trust JavaScript from
some random place called "PubPub" in order to even view this. Why is it no
longer reasonable to expect simple text information on the WWW to be conveyed
without requiring JavaScript?

------
sigmar
While bunnie is great and this is interesting research, I have a few issues
with it:

-Slightly ridiculous threat model (trust should be achieved at the silicon and work its way up, not the reverse). If you don't trust your phone's hardware or software, switch phones. IMHO working towards improving trust and security features is better spent time than trying to shift trust from the phone to the tools you use to monitor and distrust it.

-While journalists are heavily targeted, the research is nihilistic and feeds into fears of 0days. If someone out there has the ability to remotely turn off airplane mode, they aren't going to burn it outside of a WW3-level crises.

-Re: 'silent phone'. What use is an unnetworked phone? Can't call, email, message, find directions, lookup topics, backup recordings. Journalists use phones because they are useful, not because they need to be perfectly secured.

~~~
natch
>What use is an unnetworked phone?

I love it how people ask rhetorical questions without thinking through what
the answers might be, and how those answers might undermine their points.

A few things journalists could do with an un-networked device: take notes,
take photos, record audio, record video, show people pictures and other things
stored on the phone, look up information that is stored locally, find contacts
numbers and then call them from a different device... the list could go on,
but is that not enough?

It's an interesting effort. I don't see a need to diss it, even though the
usage scenarios seem a bit arcane.

~~~
roywiggins
"Unnetworked phones" were more commonly known as PDAs, and were quite popular
for a while!

~~~
natch
Yes, true... but notice before your comment my wording was already "un-
networked device." I deliberately replaced the parent's terminology with a
term that subsumes both phones with networking turned off as well as PDAs,
amongst others.

------
trapperkeeper74
There are three really big hardware assurance problems:

0\. Trusting any bit of silicon isn't backdoored or buggy.

1\. Trusting any opaque binary firmware isn't backdoored or buddy.

2\. Having "firewall" level of control of bus device lifecycle not in control
of the user action and/or system policies.

We need more peripheral firewalls, external firmware imaging IDS/IPS like this
project and depotting open-source chips that can be functionally OCR'ed under
xray/microscope.

------
discordance
MITs Forbidden Research is awesome. If you haven't checked it out head here:

[https://www.media.mit.edu/events/forbidden/overview](https://www.media.mit.edu/events/forbidden/overview)

Kind of like Defcon for grown ups.

------
basicplus2
More detail on actual testing

[https://www.pubpub.org/pub/direct-radio-
introspection](https://www.pubpub.org/pub/direct-radio-introspection)

------
dfc
Has anything happened with this since it was announced last summer?

------
forapurpose
With prices for some iPhones reaching $1,000, is security based on iPhones
still a realistic solution for the general public? Should privacy depend on
wealth?

~~~
Razengan
I'd say it's more the other way around; privacy depends on obscurity. The less
conspicuous you are the less you'll stand out among all the 8 billion people
on the planet.

