Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

On my Android phone, I have to unlock the screensaver and approve updates. Is it the same on the iPhone? If so, it seems as if the FBI are wasting their time asking Apple to update the phone, since they'd have to unlock it first.


According to the article, that isn't known.

>The first possibility is that the Secure Enclave uses the same sort of software update mechanism as the rest of the device. That is, updates must be signed by Apple, but can be freely applied. This would make the Secure Enclave useless against an attack by Apple itself, since Apple could just create new Secure Enclave software that removes the limitations. The Secure Enclave would still be a useful feature, helping to protect the user if the main OS is exploited by a third party, but it would be irrelevant to the question whether Apple can break into its own devices.

If we assume this is the case, it might explain what McAfee meant when he mentioned social engineering.


Don't forget that the phone the fbi want to decrypt doesn't have a secure enclave. If apple agreed it would be trivial to write an OS without the exponential back off when entering incorrect passcodes


No, see earlier in the article. That is true for the 5S and later, but not for the device in question (5C) and older.


On an iPhone, you can update the OS from recovery (aka DFU) mode, without it being unlocked.


Which usually results in the data being deleted though




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: