Date: 2021-08-18



Apple could hand over the code for review, but that’s not what it says it will do. Researchers can also reverse engineer the functionality statically, without having to run the actual program in the actual environment.

In reality, however, neither method lets you look at the code running live on the latest iPhones to see how it actually works. Instead, both still rely on trusting not only that Apple is open and honest, but also that it writes code without serious errors or oversights.

Another possibility is to give members of Apple’s Security Research Device Program access to the system so they can validate the company’s statements. However, the group is made up of researchers outside of Apple and is bound by so many rules about what they can say and do that it does not necessarily solve the problem of trust. Claims not always.

That really leaves only two options. First, hackers could use a zero-day vulnerability to jailbreak older iPhones. This is difficult and expensive, and it can be shut down with a security patch.

“Apple has spent a lot of money trying to keep people from jailbreaking their phones,” Thiel explains. “They hired people specially from the jailbreak community to make jailbreaking more difficult.”

Alternatively, researchers can use a virtual iPhone on which Apple’s security features can be turned off. In practice, that means Corellium.

There are limits to what security researchers can observe, but they may be able to spot it if Apple scans anything other than the photos shared in iCloud.

However, if anything other than child abuse material is incorporated into the database, that will not be visible to researchers. To address that question, Apple states that two separate child protection organizations in different jurisdictions need to have the same image of abuse in their databases. However, little detail was provided about how it works, who runs the database, which jurisdiction is involved, and what the final source of the database is.

Thiel points out that the problem Apple is trying to solve is real.

“That’s not a theoretical concern,” he says, referring to child sexual abuse material. “It is not something people raise as an excuse to carry out surveillance. This is a real problem that needs to be addressed. The solution is not like removing these kinds of mechanisms. It is making them as impervious as possible to future abuse.”

However, Corellium’s Tait says Apple is trying to have lockdown and transparency at the same time.

Tait, a former information security specialist at British intelligence agency GCHQ, said Apple is trying to have its cake and eat it too.

“With their left hand, they make jailbreaking difficult and sue companies like Corellium to prevent their existence. Now, with their right hand, they say, ‘Oh, we’ve built this really complex system, and it turns out that some people don’t believe Apple made it honestly, but if you’re a security researcher, it’s okay because anyone can go ahead and prove it to themselves.’

“I’m sitting here thinking, what do you mean you can do this? You designed your system so that they can’t. The only reason people can do this kind of thing is not because of you, but in spite of you.”

Apple did not respond to requests for comment.

