[Cryptography] Apple GovtOS/FBiOS & Proof of Work

Henry Baker hbaker1 at pipeline.com
Sat Mar 19 21:14:10 EDT 2016


At 05:52 PM 3/19/2016, Jerry Leichter wrote:
>Wow.  Talk about killing a fly with a nuke.  An iPhone has access to a number of time sources - the telephone system, the Internet, GPS, as well as an internal clock.

And when it is loading malwareXXXXXXXfirmware, the poor little iPhone can't trust *any* of those time sources; that's the type of attack we're talking about here.

The little iPhone cpu wakes up and is given a command "I compel you to write over your current firmware with this new firmware" and that cpu has to decide -- on its own, without consulting with anyone -- whether that firmware load is trustworthy enough to accede to this command.  It doesn't know for sure what time or day it is, and can't use its camera or microphone to help it decide whether to trust the command.  Going onto the Internet is also not helpful, because the parts of the Internet it looks for can be spoofed.  It can't even trust its random number generator, because it may have been reseeded with a state known to the attacker.


