The Apple Backdoor Explained.

  • Published 8 Jun 2024
  • Apple Backdoor on iPhones? Let's dive into these exploits and everything we know so far. Also clearing up some of the misinformation/disinformation and why Lockdown is so powerful!
    Referenced Videos:
    Coverage of lockdown mode: • I Used Apple’s Lockdow...
    2023 Digital Rights Awards: • Digital Rights Awards ...
    Primary Sources:
    Ars Technica Coverage: arstechnica.com/security/2023...
    Hardware Mystery Research Paper: securelist.com/operation-tria...
    Assessing signs of a compromise: securelist.com/triangulation-...
    🔐 Our Website: techlore.tech
    🕵 Go Incognito Course - to learn about privacy: techlore.tech/goincognito
    🏫 Techlore Coaching - to get direct support: techlore.tech/coaching
    💻 Techlore Forum - to connect with other advocates: discuss.techlore.tech
    🦣 Mastodon - to stay updated: social.lol/@techlore
    We cannot provide our content without our Patrons, huge thanks to:
    BRIGHTSIDE, Clark, Ente, Larry, Afonso, Boori, Brad, Casper, Cookie, Floyd, JohnnyO, kevin, love your content, NotSure, Poaclu, x
    🧡 Join them on Patreon: / techlore
    💚 To see our production gear, privacy tools we use, and other affiliates: techlore.tech/affiliates
    💖 All Techlore Support Methods: techlore.tech/support
    00:00 Super quick intro
    00:12 Breaking down the story
    06:54 Personal Analysis & My takes
    #apple #backdoor #security
  • Science & Technology

COMMENTS • 92

  • @comosaycomosah 5 months ago +88

    if anything kaspersky researchers should be praised for finding it

    • @techlore 5 months ago +20

      The amount of detail and effort kaspersky put into this was INSANE, 💯 agree. This has been going on and unfolding for a long time too! Someone on our forum has been doing a great job of relaying the updates as they come along: discuss.techlore.tech/t/new-zero-click-ios-malware-infects-kaspersky-iphones/3927

    • @comosaycomosah 5 months ago +1

      @techlore for real yea! I'll check it out I been following it too they did an awesome

    • @climate-moneymakingcampaig305 5 months ago

      Kaspersky themselves are being exposed at the political level to have been working with Russian and Israeli intelligence agencies for political purposes.
      Ofc they would try hard to bring down a company that looks like an innocent child compared to Intel, Microsoft and Qualcomm that are heavily compromised (actual backdoors are designed in them)

    • @myxobe 5 months ago

      mfs be working in Kaspersky getting 50k a year in russia while in the us they would get around 100-200k

    • @SlitheringDemon 5 months ago +1

      @myxobe that's the reason why they were able to disclose this publicly without getting fcked. All the more praise to them! They have foregone more money working in US, instead deciding to disclose such critical exploits.

  • @camelotenglishtuition6394 5 months ago +30

    As an ethical hacker, I enjoyed the video but respectfully disagree. If you watch the team's presentation it shows that a code is needed to parse custom instructions to an unregistered part of the ARM chip memory. So, you're saying that not only were the malware devs so good they found the secret code - a 1 in a million find (the hash given in the presentation) but they also knew how to implement it in unregistered memory? Also another 1 in a million find. Dude, this is the mother of all leaps of faith. If you look at the backdoor on x86 chips (Black Hat presentation - God mode), a very similar technique is used. This screams gov having a word with Apple to implement some empty memory address space. Also, they say in the presentation that lockdown mode didn't defeat this attack (to the best of my memory).

    • @CocolinoFan 4 months ago +3

      Yes, it hurts to see. Ideology and propaganda ruins even the sharpest of minds.

  • @llpolluxll 5 months ago +15

    I am so ready to criticize apple for their garbage business practices but I think this is one of the few areas in which they should be praised and I would like to see a feature like this on non-apple devices. As much as I don't like apple, they do good work in some areas.

  • @KngSovereign 5 months ago +6

    12:26 - "I wish there was a lockdown mode for Linux"
    SELinux is definitely a thing and when in "enforcing mode" will do some serious restrictions.

  • @kxvrol 5 months ago +3

    Linux actually has a lockdown mode. If you boot your computer with secure boot the kernel is launched locked down. This prevents any unsigned libraries from being loaded, prevents any kernel ram modifications, prevents hibernation etc. I get that it's not the kind of apple lockdown, but it certainly improves the security of the device.

  • @KishoreKumarmaistry 5 months ago +14

    🎯 Key Takeaways for quick navigation:
    00:29 📰 *Kaspersky discovered a highly sophisticated exploit impacting Apple devices, highlighting four zero-day vulnerabilities.*
    01:40 🌐 *The exploit, transmitted via iMessage, granted access to sensitive data, but most infections didn't survive a reboot.*
    03:02 🛡️ *Apple's Advanced Hardware-based Memory Protections faced a rare defeat, emphasizing the challenges in securing complex systems.*
    06:18 🕵️ *Lockdown mode, a commendable Apple feature, reduces the attack surface, offering a powerful defense against sophisticated exploits.*
    11:27 🤔 *Concerned users can enable lockdown mode for added security, acknowledging its real limitations for convenience.*

  • @SamSung-jq4ho 5 months ago +6

    Techlore: Linux needs a lockdown mode.
    *screaming in BSD*

    • @techlore 5 months ago +2

      BSD LOCKDOWN MODE 🔥

  • @NomadOutdoorAdventures 5 months ago +4

    That’s one of the main reasons I use lockdown mode on my iPhone ever since it came out not because I’m a high target just because I love to be safe instead of be sorry later

    • @jogurcik13 5 months ago +1

      >using iphone
      Good job

    • @vick92v 5 months ago

      The researchers confirmed lockdown would do nothing against this

  • @umarfarooq8038 5 months ago +4

    My question is, do you trust Apple with your data? I mean being a privacy advocate and techie, you think these big tech cares about privacy and want to help people in achieving total control over their data? How can anyone trust apple when they scan photos in the name of child **x? How can anyone trust a USA based company to respect privacy when almost all the privacy companies are located in Europe like Proton, Tuta, etc? Even after what Edward Snowden revealed, do you think the US gov will let these big firms respect privacy even if they genuinely want to do so? The US gov wants to scan each and every device on earth just to keep control and maintain their hegemony, even their own citizens. I cannot and will not trust Apple or any other big tech and also any hardware/software (except open source) manufactured in US or China.

  • @cheesium238 5 months ago +1

    It would be interesting to see something similar under FOSS Unix OSs, other than qubes, hopefully immutable distros will spawn a real privacy/security option in the future

  • @K2HWY 5 months ago +2

    Ironic you are wearing a Go Incognito shirt, can we maybe get the updated version finally😁

  • @thatchinaboi1 5 months ago +9

    The only disinformation is in your claim that this isn't a backdoor.

  • @aris6927 5 months ago +58

    There was a backdoor there is no getting around it. It is a straw man argument to say that people equate the software exploits with the backdoor. The secret hardware registers is the backdoor, not the software. What was the purpose of this backdoor? Well only Apple knows for sure. These hardware registers were closed by Apple now that they were being exploited. This hardware was not documented in official documentation. Apple designs their own chips, they should have intimate knowledge about their own chips and what they ship.

    • @techlore 5 months ago +20

      Absolutely. Again, myself and many people want to know what the hardware feature was used for. The video directly addresses the backdoor. Where I think it’s disingenuous is when people immediately spread information this is an actively malicious backdoor baked in from the ground up for the sole purpose of exploitation. (Which is a VERY different tone & accusation to make)
      Reminds me of the China-made surveillance chip story:
      ‘Graham argues that the presence of backdoors is widespread, about 20% of home routers and around 50% of industrial control computers have a backdoor. Not all backdoors of course have a malicious purpose, in many cases they are used to debug software and firmware contained in the product.’ (securityaffairs.com/5889/security/china-made-us-military-chip-security-backdoor-or-debugging-functionality.html)
      I hope we get more insight into this! Either way, yep Apple screwed up. But I’m still more than impressed with the response and the mitigations we have access to now as a result of it 👌 And I personally believe that Apple’s response to threats like this one speak to the likelihood that they weren’t actively creating the problem themselves on purpose, but that’s my personal take of course :P

    • @thatchinaboi1 5 months ago +11

      @techlore What is disingenuous and downright dishonest is to claim that this isn't a backdoor, when you can't prove it. But go ahead and deny you aren't being a shill.

    • @techlore 5 months ago +21

      At what point did I claim there simply wasn’t a backdoor 🤔 I directly address the hardware component. Literally directly citing the primary researcher who discovered this and what they had to say on the matter 👌

    • @jordank249 5 months ago +5

      @thatchinaboi1 4:43.

    • @climate-moneymakingcampaig305 5 months ago +2

      @thatchinaboi1 the "china-boi" call others "shill"
      Arguing with u is a waste of time

  • @chuctanundaspiderbone5407 5 months ago +7

    Nice analysis, thanks. Yes, it would be nice if all OSes had a similar safety feature. QUESTION: When is it appropriate to use lock-down mode (LDM)? How can users tell when it is necessary to use LDM and when to disable it? TY. EDIT: Just found the link to "I Used Apple’s Lockdown Mode So You Don’t Have To," Which sort of answered my questions, and raised other ones. Maybe as developers work on solutions for non-apple devices, the approach that Apple uses will be refined to ameliorate the limitations? What are the chances?

    • @techlore 5 months ago +1

      I know I already mentioned it a few times but I highly recommend the lockdown video, it’ll show you side by side comparisons and things to expect so you’ll know exactly what will happen beforehand, and it addresses who should try it out. If you’re curious, it’s just a toggle on your settings that you can turn back off after a reboot with no consequences. The video:
      ua-cam.com/video/ENuGWhz10UY/v-deo.html

    • @laarsss 5 months ago

      I use lockdown mode myself and I think there's no disadvantage not using it. some apps and websites break, but for that you can just disable it just like you can with content blockers. I often don't even notice it, also no real slowdown compared to when it came out.

  • @aquatrax123 5 months ago +4

    CVE-2023-38606 is 100% a back door added by Apple. It allows direct access to the memory. Using the exploit requires each command to be hashed with a secret table. This was not a mistake; it was deliberate. I highly doubt that lock down mode would prevent CVE-2023-38606.

  • @jlara36 5 months ago +2

    Not the backdoor I was hoping for

  • @Dhirajkumar-ls1ws 4 months ago +1

    It is definitely a backdoor.

  • @linuxstreamer8910 5 months ago +1

    if you need to know if you will be a victim of this backdoor what is your threat model if it is very high yes if not no

  • @skatcat743 5 months ago +5

    undocumented hardware feature is the most critical issue. Fuse it off if no one is supposed to use it.

  • @subfloor2022 5 months ago +16

    Got it, Apple built in a backdoor, now I'm off to tweet about it.

  • @NeptuneSega 5 months ago +1

    I mean, they need a way to wipe phones that are iCloud locked, but this is way overbuilt for that.

  • @Randomly_Facts 5 months ago +1

    I updated my Samsung phone, and there is a new setting called auto blocker. It also seems to block some functions, like ADB to increase security.
    Edit; this is what i remembered i checked and it doesn't block ADB(or only partially)

  • @sbradyork 2 months ago

    Not just describing Tim Cook then?

  • @cysecgnz 5 months ago

    "A very powerful adversary." Watch, it turns out to be some 12 year old in their mother's basement. lol

  • @darkhorseman8263 5 months ago +1

    This is what Australia has done to every device in the country.

  • @anigmatic2949 5 months ago

    My guy

  • @JonLikesStats 5 months ago +4

    I first heard of this two weeks ago from a (relatively popular) YouTuber who strongly suggested Apple worked with the US government to make this exploit. Call it a backdoor or not, I was just glad to hear someone discuss the facts as established by the researchers.

  • @ddotmada 5 months ago +5

    Sorry the hardware was the backdoor. Saying you don't know if it was ARM or Apple who put it there is stupid. Apple designs their own chips they know everything that was in that silicon. Sure the way they got there was with exploits this just proves that you can't secure a backdoor.

  • @OMNITEK 5 months ago +8

    i'm not an Apple user, but i think Apple has taken more measures towards security than most other platforms (main stream platforms)...now, do i agree with everything Apple?..NO..but there's not a single system that any of us will find everything we ever wanted...for now..Apple wins in my book.

  • @longlost8424 5 months ago +4

    ALL systems connected to a network are able to be compromised. always have been, always will be.......

  • @bitegoatie 5 months ago +3

    Rebooting does not help with any serious root exploit (and it will restart tracking agents you may have taken pain to defeat - which is more difficult on Apple devices than any others). Do not bother rebooting your device on a daily basis if you consider yourself a candidate for nation-state targeting (or, more distressingly, targeting by freelancing agents or contractors of nation-state lawlessness-enforcement and misdirected-intelligence departments). This is a major problem across the board in modern computing. The companies are (all of them) indeed complicit in the backdooring of all computing. I am not going to get into the how and why of this complicity in the surveillance problem, but let me say this: it is not a problem limited to a few people or one company and it is absolutely not cured by lockdown mode.
    Lockdown mode is good publicity for Apple, but in the end it defeats anything like normal use of a computer. Worse, it keeps out the riff-raff, but it does not keep out the people it is intended to keep out. It cannot, because software (even hardware-assisted software) fixes will not help with deeper problems. All the difficult problems lie at lower levels than lockdown mode addresses. Frankly, the hamstringing of the system by lockdown mode is too high a price to pay to keep out the riff-raff. Practicing good computing hygiene (giving up your web-porn habit, for example) addresses a sufficient portion of common-criminal attacks without lockdown. That one needs to disable and to slow down so much just to limit the general attack surface is a demonstration of just how bad things have become on the internet. That this drag of a user experience does next to nothing to address the real problems should be a point around which everyone can rally to demand change in computing - and change in the behavior of the agencies driving the complicity of the industry.
    Unfortunately, we would rather tell ourselves stories about how only certain people need to worry about indefensible personal surveillance devices that run increasingly important parts of our lives, and how the companies should be praised for superficial mitigations of ongoing problems. Humans are extremely good at not facing unpleasant facts. (I have watched programmers and tech-support professionals look right at hidden subsystems within computers and, after initial worry, fabricating stories to explain away the existence of the unwanted files and code - it's remarkable to see grown professionals stick their heads in the sand rather than deal with unpleasant realities.) We readily generate straw-man arguments and draw silly parallels to encourage others to continue doing nothing about these (and many other) problems. If we could attach fear, hatred, or greed to every problem society faces, maybe we would get more traction regarding actually organizing to demand action - or, more unlikely, to act collectively to improve societal ills. But it's so much easier just to wave away the idea that, in this instance in computing, the exploits people detail are just the part of the iceberg we see from our security-researcher rowboats.
    Don't be afraid of backdoors and hardware-rooted computers (or the people and bots making use of them without your consent). You cannot, in any case, protect yourselves. Be angry and let tech companies and politicians know it. The problem is not one company or one country (though one country created and continues to lead the current computing and networking problem, which has spread to many others) - it is deep and widespread and state agencies and high-level corporate interests share blame for a deplorable state of affairs.

  • @YannMetalhead 5 months ago

    Good video.

  • @GocygoOffical 5 months ago

    👍🏻.

  • @robertlee6338 4 months ago

    Amateur hour or is this guy just a FANBOI

  • @tonyzone8999 5 months ago +1

    Sounds like our intelligence

  • @guilherme5094 5 months ago

    👍

  • @kiyoponnn 4 months ago +1

    Interesting, but you don't need to glaze Apple. Considering how overpriced iPhones are they should be infinitely better than their Android counterparts and yet in many ways they are worse than sub $400 phones (repairability, privacy, FOSS apps, downloading music etc.)

  • @Nohiding 5 months ago +1

    It is Apple back door. If you notice that users can’t reset the RAM on a running iPhone anymore. This is an agency request that Apple complied with, because knowledgeable targets are too hard to track with the given exploit. Basically stupid feds need lots of help going into the future. All government exploits are developed by Apple and Google.

  • @macintush 5 months ago +3

    It’s already been patched for over a month or two now. Thanks for the sensational video tho 🙏

  • @CROSSBL4DE 5 months ago

    Was this targeting Russians? Or was it international? Or do we even not know?

    • @techlore 5 months ago +2

      According to this article yes it seems to have been heavily used against Russians. I’m not sure if we’re going to get an accurate scope of who/what/when/where/why for a long time unfortunately :/ Lots of theories to cook up I’m sure, but I don’t think we quite know the full story yet. (At least that I’ve seen)
      My guess is a very powerful government is behind this wild exploit chain.

    • @tonyzone8999 5 months ago +2

      Us

  • @Nohiding 5 months ago

    Too hard to believe. I know.. I’m true

  • @thatscrazy4487 5 months ago +1

    I'm literally subscribed to this channel to watch the latest disinfo in the industry...it's like entertainment for me :))

  • @Dustin-fi8gj 5 months ago +3

    Lockdown mode doesn’t protect from IMSI catchers.

    • @techlore 5 months ago +7

      actually your comment is a tiny bit incorrect!
      Apple updated lockdown mode to disable 2g by default which is one of the most common ways IMSI catchers are utilized :)
      EFF did a write up on this: www.eff.org/deeplinks/2023/09/apple-and-google-are-introducing-new-ways-defeat-cell-site-simulators-it-enough
      Even if it didn’t I think it’s worth reminding people as much as I love lockdown and would love to see other projects release similar functionality, it’s not foolproof and won’t instantly make you hack proof/private either. At the end of the day you can still install Facebook on an iPhone with lockdown after all :P

    • @guacfiend 5 months ago +3

      thank you for constantly being knowledgeable about the topic and not letting others step over you 💯 @techlore

  • @Nohiding 5 months ago

    This is not niche. This is an everyday use exploit.

  • @azminek7154 4 months ago

    The problem with Apple's security and privacy features that they will limit or disable it in a heart beat when an authoritarian regime comes knocking, like they did in Hong Kong.

  • @thatscrazy4487 5 months ago +4

    What an apologetic video. Sad.

  • @brucoder 5 months ago

    Thank you for tackling the reality of this instead of going mainstream with the celebrity of crying wolf. What I'd like is a "Phone-Only" mode for all of my phones. How about it, Motorola - how about a modern version of the StarTAC?

  • @robgreene3956 4 months ago

    For years I heard Apple users tell me "You should use Apple, because we are safe and never hacked". So yes, I would come down on Apple, just because of 15 years of their obnoxious comments.

  • @Embassy_of_Jupiter 4 months ago +1

    Anyone who thinks there are no backdoors in their phone is living in fantasy land 😂
    The US and Chinese governments will never give up this trump card ever again

  • @surfingbilly9654 3 months ago

    Hard to take you seriously when you use the words "misinformation" and "disinformation" unironically.

  • @princem5155 5 months ago +6

    People just love to hate on Apple. It comes from jealousy

    • @fhesseti7976 5 months ago +28

      Jealousy of what? I hate Apple because they are locked down, restrictive, don't do anything competitors can't do, and they're anti consumer with their terrible stance on right to repair.

    • @KaranRajpal 5 months ago +17

      Yeah I'm extremely jealous of not being able to do what I want with my device that a bunch of elitists get butthurt over. Sure.

    • @BurgerKingHarkinian 5 months ago +8

      Jealousy... Truly the maturity of a 12 year old

    • @michaelcorcoran8768 5 months ago +10

      Or their monopoly behavior, e-waste etc ....

    • @NeptuneSega 5 months ago +7

      Mature up, that’s an argument that a grade student would make. Keep drinking their snake oil