
///// Re: Bounty

From press release, “Bounties are doubled for qualifying findings in Lockdown Mode, up to a maximum of $2,000,000 — the highest maximum bounty payout in the industry.”

Appears Apple is not aware there was a $10 million bounty [1] paid out; unless when they say “by industry” they mean phones, not bug bounties.

If Apple really believed it was secure, then even a $100 million bounty shouldn’t be a concern; 2 million, while clearly high, is no longer enough to pull in the best bounty hunters, in my opinion.

///// Re: Naming

Name conflicts with existing terms both Apple and consumers use. Naming should be unique so it’s possible to Google the unique name for this feature and only get valid search results.

///// Re: iCloud

While iMessage features are limited, it is neither blocked, nor is iCloud — and both are known to be vulnerable to nation state demands on Apple due to iCloud not being end-to-end encrypted.

///// Re: iCloud end-to-end encrypt

If Apple was serious about the topic, they would have already rolled out end-to-end encryption for iCloud years ago.

///// Re: Targeting

If Apple is logging if this feature is on and sending it back to Apple, it will result in targeting from nation states even if this feature is “invincible” - which I have no reason to believe it is; basically, nation states demand a list of users subject to its jurisdiction.

///// Re: Off vs Locked

“Wired connections with a computer or accessory are blocked when iPhone is locked.” — Why is this not the default with an opt-in? Further, at the point you’re turning on this feature, when locking the phone it should explicitly tell the user of the risk of locking vs turning the phone off. Lastly, when you turn an iPhone off, it should really be off if set to this mode; if it is, and activity is detected, likely a good sign something is going on.

_______

[1] https://medium.com/immunefi/wormhole-uninitialized-proxy-bug...



The overlap of eth bug-bounty hunters and iOS bug-bounty hunters is 0.


You'd be surprised.



