 iPhones are more secure than hardened Androi...

Break out of the walled garden and its invasive illusion of privacy and security. Use #GrapheneOS.

#GrapheneOS #Apple #iOS #cybersecgirl
https://arstechnica.com/security/2023/12/exploit-used-in-mass-iphone-infection-campaign-targeted-secret-hardware-feature/ 
 Really really liked this comment on your article:

“Fatesrider (Ars Legatus Legionis, Subscriptor)
quamquam quid loquor said:
Sounds incredibly plausible that this was the NSA at work. I doubt Apple is working actively with the NSA, but who knows what they could have been legally compelled to do.
My bet is China.

Apple doesn't manufacture iPhones in the U.S. They're made in China and Vietnam (a close ally of China). There are some parts made in the U.S., but they're shipped to the manufacturing centers overseas. Access to the devices involved is probably fairly simple. And analysis of the components of those devices is probably equally simple - and probably quite covert.

Russia and China have a much longer history of adversarial exchanges than cooperative ones in the past, with only some of the 20th century showing any signs of thawing. They each think of the other as less than human, but if mutual interests demand cooperation, they're often pragmatic enough to do that.

Doing that provides both sides, more with China lately than with Russia, to slip in spies and other means of data gathering.

Without any direct proof, I've felt that Kaspersky has primarily been a convenient way to engender trust with the West by "outing" obsolete spyware/malware/etc. as a "favor" once a better variant has been created and deployed. In short, it's mostly a propaganda arm of the Russian government. But they'd also know what exploits are out there that the Russians have made and deployed that they DON'T tell the world about until the Kremlin gives them the green light to do so, which would make their employees a very tempting target for bugging their phones.

Since the Chinese government doesn't trust Russia any more than Russia trusts the Chinese government, and would want to know what Russia is doing to them before Kaspersky reveals it in some press statement, and having the ready access to the components of iPhones to reverse-engineer to exploit for spying purposes, I'd be far less inclined to say this was the NSA's doing.

It smells a LOT more like what the Chinese have been doing for 40 years.” 
 Literally just started this journey several days ago!  
 awesome. i discuss graphene and other infosec opsec tools quite a bit here. lmk if i can help with anything 🤙🏻🔥 
 I understood from the article that the attack was at the hardware level, if so how can you help prevent this use on a GrapheneOS device? 
 check this out first and lmk if you still have questions https://grapheneos.org/faq#security-and-privacy 
 Tnk 
 ofc 
 I wish the Apple Secure Enclave had an implementation of ECC secp256k1 🤓. Interesting version of the seL4 Microkernel. Regarding the manufacturing supply chain, the Apple Secure Enclave chip is not publicly disclosed by Apple. This component, in particular, is probably not made in China. https://support.apple.com/en-gb/guide/security/sec59b0b31ff/web 
 This has been on my radar previously.... need to get familiar with it more. If you'd humor me.... What's the one thing that graphene needs to improve on or that is holding it back atm from further adoption? I mean in terms of its functionality or features not awareness of it as an option.  
 As far as I know it is only available for Google Pixel phones and that makes it suspect enough to me.  
 True, but I would pick something else after seeing the kind of people behind graphene os… check Louis Rossmann video about it 
 Louis Rossmann took issue with Daniel Micay who has since stepped down from #grapheneos as lead developer.

"    I've stepped down as lead developer of GrapheneOS and will be replaced as a GrapheneOS Foundation director. I'll be ending my use of public social media. I'm unable to handle the escalating level of harassment including recent swatting attacks. There will be a smooth migration.

    I'm confident the project will be in good hands with the rest of the development team. I'll be training them to handle everything I used to do myself. I haven't been a particularly active developer for a while now and there will be little impact on ongoing feature development.

    One of our veteran developers will be taking over administration of the server infrastructure. Local infrastructure for official builds, signing and testing will be replicated in multiple locations and verified against each other to reduce trust in any particular location.

    I'm going to focus on recovery from everything that has transpired since 2018. I have not been doing well, particularly in the past few weeks, but there has been no break from it since 2018. The police know about the swatting situation and are preventing it happening again."

 
 Micay is still active in social media. :( 
 Yes, GOS is great, but hardened android forks aren't immune to similar 0click vulns used to target those iPhones. 

I'd be interested to know how Lockdown Mode would have fared if it had been enabled, considering the payload was pushed through iMessage. 
 Security social influencers don't understand that. 
 It’s a very sophisticated attack based on a hardware vulnerability, how can you be sure it’s not happening in Android for certain phone models? We possibly have not discovered those yet..