I would argue that being able to easily do that would be a security issue in itself - imagine an evil maid attack that is just installing iOS with a change that sends all keychain items to a remote server or makes it easy to obtain the encryption key that protects all user data.
Since iOS isn't flawless and it is ubiquitous across Apple devices, think of the damage that can be done by a single virus. iOS lacks diversity and is therefore a fantastic target for malware.
As these systems rely on trusted hardware, it's straightforward to do things like require the device be plugged in and in some low-level diag mode for 72 hours before allowing the root signing key to be changed.
Trusted hardware could be interesting if companies actually developed it to be legible to the user-owner, rather than their current approach of doing the bare minimum to bake in their own fixed root keys.
There can be other mechanisms here. For example requiring a notification or 2FA before replacing a non Apple sourced iOS with something else. If your device is encrypted it should require the keys to install something new.
With this it might be easier to just “gift” someone the latest iPhone on which you installed an hardware exploit.
The idea is that every physical device has some sort of trust root, whether well defined or not.
Traditionally this has been physical possession of the device.
The treacherous computing model is to make the trust root a key that only the manufacturer has.
I'm proposing that the trust root should be "possession of the device for X days", which doesn't privilege the manufacturer with indefinite control over something they've supposedly sold.
I don't understand what you're describing. Things like "2FA" and "notifications" aren't part of a bootloader, and therefore would have to be implemented externally. Keeping the manufacturer as part of the privileged base is still the dark ages.
FWIW the answer to the gifted trojan iPhone is to make the bootloader report the signing key that it is trusting. If you receive an iPhone from someone else and you want to assure integrity, you either plug it into another device of yours which checks the Apple signing key (possibly needing to wait X days to load it), or you bring the device to an Apple store where they do it for you.
Re: the gifted trojan device scenario, I think the primary line of defense would be to display a prominent boot time warning in the bootloader where a non-Apple root of trust has been used, just as many Android devices do already -- perhaps similar to the recovery screen, but with more warning signs and an open lock symbol or something.
Regarding the notifications and 2FA I was thinking along the following lines. Every device is unique. In order to get an unlock key and get the phone to unlock itself you need some signed payload by Apple. In order to obtain the unlock you would need to prove you own the iCloud account attached to the phone. That is where 2FA comes in. The notifications will go to all your other devices similar to the “your iCloud account is now being used on device x” messages.
Thanks for explaining. I do see how that could work, and would lead to perhaps even a better system if your average person could transfer stewardship of their device to a different service and away from Apple.
Some fallback to possession of a device for a time fallback would be good to avoid needless e-waste though. It's pretty ridiculous to have a perfectly good item that you can't actually use because it got software bricked.
So they steal the device from me, lock it in a Faraday cage for a few days, and suddenly now it becomes their rightful property with which to do whatever they want?
That's the way the world generally works with literally everything else, so yes. Physical crimes like theft are punished after the fact and for the most part that works. It's definitely much less common than the recently-created version of theft whereby a device is falsely "sold" while still retaining control over it.
But sure, go ahead and design a different system where say the device's current key can be used to replace itself with a new key - the important part is that there are no permanent privileged keys that cannot be changed by the owner. But then you have to mandate that this procedure is carried out when a device is sold, otherwise it's not really a sale.
Such schemes seem likely to have pitfalls for losing or corrupting the key though, and I'm personally more comfortable with falling back on physical reality which we've learned how to deal with over thousands of years rather than ending up with perfectly good devices that cannot be used.
reply