Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

So two words I can't find in this thread are "lawful intercept". If a judge comes down on Apple and says they are required to produce your private content, is Apple going to throw up its hands and say, "Nope, it's e2e encrypted." No, they will not. They will either run something on your device to scan it, or they will exfiltrate your encryption key, because at the end of the day they own your device. Maybe this makes it harder for man-in-the-middle attacks or whatever, but if someone with the right amount of power cares, your data isn't secure.


Fun fact, they can’t exfiltrate the key because it’s burned into the secure element coprocessor and unreadable by software.


so that means if your iphone breaks or gets stolen the data is lost? I guess they would have to enable exporting the encryption key to users to make the backup useful in these cases.


Would you please like to give us some URLs that explain this for people not deeply into Apple hardware - thank you very much!


How do we know this, exactly? Is it open hardware? Have anyone audited it?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: