
Checkm8: What you need to know to keep your iPhone safe - carlesfe
https://cfenollosa.com/blog/checkm8-what-you-need-to-know-to-keep-your-iphone-safe.html
======
anfilt
Like if your worried about Governments tampering your device if you leave it
out sight. I am sure they could easily get Apple SoCs on the gray market that
do not have the boot ROM fuses set. So they could write what ever they want to
that chip. Like sure they need to extract the key to decode your data.
However, they could make it then appear that OS has a problem and needs to
restored via iTunes. Sure it might reduce the sophistication needed, and maybe
let smaller governments or companies do things. However, it still involves
physical access to the device. If an attacker has physical access pretty much
any system can be compromised in a lot ways.

If anything this should be a boon to users. It allows them fully to use their
devices they own. Honestly, it is inexcusable that apple makes users have to
hack their own devices. You should have the option similar to enabling or
disabling secure boot on your PC.

As to the market for stolen iDevices. It still exists, but generally involves
parting it out. Like sell the screen, cameras, and battery ect... Honestly,
while unfortunate that things get lost or stolen. I don't see how this really
changes anything.

------
carlesfe
I've been doing some reading this weekend, trying to make sense of the
bootloader bug implications, and what to tell "regular users" in order to
secure their phones.

The only big question right now is whether the exploit allows an override of
the iCloud lock, therefore opening again a market for stolen iPhones.

I'm sure somebody here will be much smarter security-wise than me, so please
send me contributions or corrections if there happens to be any mistake!

~~~
rvz
For those extreme enough who don't want to be vulnerable to this BootROM
vulnerability should probably buy or exchange their current iPhone for a
refurbished iPhone XR or later at this point if you want to be absolutely sure
that you want to be safe for this vulnerability since Apple cannot fix this
anyway.

