Hacker News

If the device firmware that checks for signatures has a bug, then it can already be exploited by anyone who can find it.

Creating a new iOS version in no way increases the attack surface. If you think it does then you probably don't understand how the technicalities work, or I'm misunderstanding you (in which case please sketch a scenario where Apple doing what was requested increases attack surface).

Indeed the attack surface is the same, but now there is an extra incentive to crack the signing process, because you will be able to run an open version of the OS. Cracking the signing process now is useless because the OS image is still the original.

Now, cracking the signing process so that it authorizes a third-party-modified version of the OS is something else completely, but I'm not sure it would make any difference if the attack is done with physical access. It could be useful for remote attacks.
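As an added illustration of the point raised in the first comment (a bug in the firmware that checks signatures) and of what "authorizing a third-party-modified version of the OS" would look like, here is a constructed Go example. It is not code from Apple, iOS, or anyone in this thread; the image layout, the field names, and the partial-coverage bug are assumptions made up for the illustration. The bug class shown, a signature that covers only a header-declared prefix of the payload while the loader maps the full declared payload, lets an attacker append code to a genuinely signed image without touching the signature; the whole-body design beside it rejects the same tampering.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed image layout (illustration only, not any real device's format):
//   magic      4 bytes  "FWIM"
//   payloadLen 4 bytes  little-endian; bytes of payload the loader maps and runs
//   signedLen  4 bytes  little-endian; bytes of payload the buggy verifier covers
//   payload    payloadLen bytes
//   signature  64 bytes Ed25519 over the region chosen by the Coverage rule
const (
	hdrLen = 12
	sigLen = ed25519.SignatureSize
)

var magic = []byte("FWIM")

// Coverage selects which bytes of the image body (header+payload) a signature covers.
type Coverage func(body []byte) ([]byte, error)

// CoverWholeBody: the signature covers header and payload, so every field the loader
// trusts is authenticated. This is the correct design.
func CoverWholeBody(body []byte) ([]byte, error) {
	if len(body) < hdrLen {
		return nil, errors.New("short image")
	}
	return body, nil
}

// CoverDeclaredPrefix: constructed buggy design. The signature covers only the first
// signedLen bytes of the payload, and signedLen itself lives in the unsigned header.
func CoverDeclaredPrefix(body []byte) ([]byte, error) {
	if len(body) < hdrLen {
		return nil, errors.New("short image")
	}
	signedLen := int(binary.LittleEndian.Uint32(body[8:12]))
	if hdrLen+signedLen > len(body) {
		return nil, errors.New("signed region exceeds image")
	}
	return body[hdrLen : hdrLen+signedLen], nil
}

// BuildImage assembles header+payload and appends an Ed25519 signature over cover(body).
func BuildImage(priv ed25519.PrivateKey, payload []byte, cover Coverage) ([]byte, error) {
	body := make([]byte, hdrLen+len(payload))
	copy(body[0:4], magic)
	binary.LittleEndian.PutUint32(body[4:8], uint32(len(payload)))
	binary.LittleEndian.PutUint32(body[8:12], uint32(len(payload)))
	copy(body[hdrLen:], payload)
	region, err := cover(body)
	if err != nil {
		return nil, err
	}
	return append(body, ed25519.Sign(priv, region)...), nil
}

// Verify mimics the boot-time check and returns the payload the loader would execute.
func Verify(pub ed25519.PublicKey, img []byte, cover Coverage) ([]byte, error) {
	if len(img) < hdrLen+sigLen {
		return nil, errors.New("short image")
	}
	body, sig := img[:len(img)-sigLen], img[len(img)-sigLen:]
	if !bytes.Equal(body[0:4], magic) {
		return nil, errors.New("bad magic")
	}
	payloadLen := int(binary.LittleEndian.Uint32(body[4:8]))
	if hdrLen+payloadLen != len(body) {
		return nil, errors.New("payload length mismatch")
	}
	region, err := cover(body)
	if err != nil {
		return nil, err
	}
	if !ed25519.Verify(pub, region, sig) {
		return nil, errors.New("bad signature")
	}
	return body[hdrLen:], nil
}

// AppendCode is the attacker's step: keep the genuine signature and signedLen untouched,
// extend the payload, and bump payloadLen so the loader maps the attacker's bytes too.
func AppendCode(img, extra []byte) []byte {
	body, sig := img[:len(img)-sigLen], img[len(img)-sigLen:]
	out := make([]byte, 0, len(img)+len(extra))
	out = append(out, body...)
	out = append(out, extra...)
	binary.LittleEndian.PutUint32(out[4:8], uint32(len(body)-hdrLen+len(extra)))
	return append(out, sig...)
}

// RunScenario signs a constructed sample payload under one coverage rule and reports
// whether the genuine image verifies and whether an image with appended code is accepted.
func RunScenario(cover Coverage) (genuineOK, tamperedOK bool, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, err
	}
	payload := []byte("vendor boot code") // constructed sample payload
	img, err := BuildImage(priv, payload, cover)
	if err != nil {
		return false, false, err
	}
	_, err = Verify(pub, img, cover)
	genuineOK = err == nil
	extra := []byte("attacker code") // constructed appended bytes
	got, err := Verify(pub, AppendCode(img, extra), cover)
	tamperedOK = err == nil && bytes.HasSuffix(got, extra)
	return genuineOK, tamperedOK, nil
}

func main() {
	for name, c := range map[string]Coverage{"declared-prefix (buggy)": CoverDeclaredPrefix, "whole-body": CoverWholeBody} {
		g, t, err := RunScenario(c)
		fmt.Printf("%-24s genuine=%v appended-code-accepted=%v err=%v\n", name, g, t, err)
	}
}
```

The check a practitioner wants from this is that the two designs differ only in what the signature covers: under CoverDeclaredPrefix the attacker never forges anything, they simply reuse a valid signature over a region the loader does not treat as the whole image, which is exactly the kind of verifier bug that needs no leaked source to exploit once found.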


So your scenario is

>code gets leaked

>incentive to find bugs in signing increased

>bug in signing found

Offhand I would think the value of an exploitable signing bug is an order of magnitude greater than the cost of making custom software. At the very least it trivially allows jailbreaks, which puts it in the million dollar range depending on how exploitable it is, and I think creating iOS software that skips the passcode would at worst be in the low six figure range if it didn't need signing, more likely mid five figure.

Saurik said it could be done in a week by a talented programmer (see https://news.ycombinator.com/item?id=11153022), so even though the supply of such programmers is limited I'm still confident the total cost would be 5 figures.

So the additional incentive would be pretty insignificant compared to the existing incentive.
