Hacker News new | past | comments | ask | show | jobs | submit login

> They may not even have a way to limit firmware to specific devices

They do. The new firmware may not be distributed, but it should be easy enough to make it such that if it was distributed, it wouldn't change security at all on phones other than the target.

For example:

    function handleWrongPassword() {
      if (deviceId = 1234) {
        return;
      }
      //do the normal phone stuff, like a delay or wipe
    }
Since the firmware is signed, no phone will run the firmware if you change the hard coded 1234.



> if (deviceId = 1234) {

... Is that a backdoor within a backdoor? :)


I don't know what you mean... but it's pseudocode for what the FBI asked Apple to do. It's a backdoor that only applies to a single device. Since it must by signed by Apple, it can't itself be backdoored by the FBI or a hacker or anyone else without Apple's consent.

Edit: oh, I see what you mean. The single =. But it's pseudocode. That happens to look a lot like Javascript with a bug :)




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: