28 years ago was the era of 14.4k baud modems, CD-ROMs were connected through sound cards, and this new OS called Windows 95 had just been released. There were no cell phones nor the concept of "devices" or "network engineers". It would also make you at least 40 years old today and old enough not to be so gullible or make up fake stories. What would having access to the source code do? Fork and compile their own version of Win95 with the same undiscovered vulnerabilities, as if that is safer? 😂
I've been using Android for the past 6 years. And in that time, half of the apps I use are pirated, sideloaded apps. Never in this time have I been infected with malware, because, well, I use my brains when sideloading. @@Stone_624
The Pegasus exploit was actually insane. They used the fact that the steps of the GIF compression algorithm were Turing complete, along with an exploit that let them execute an arbitrary number of steps of that algorithm, to build a computer out of the compression algorithm. When combined with the overflow exploit giving them access to the device's memory, they had full control of the phone.
Yeah, that really doesn't sound like it was planned. And the unused registers were probably there for redundancy, or they were simply leftovers from development.
@@zekiz774 People here would rather attribute to malice something that can easily be explained as an oversight in an insanely complicated system. I'm really not Apple's biggest fan, but jumping to accusing them of conspiracy is unhinged.
Undocumented bit combinations in the machine code might hint at undocumented registers in the hardware. But figuring out special functions for those registers would be tricky. Unused space in the instruction set, on the other hand, is common.
Not like the general purpose registers on the CPU; probably talking about registers in the SoC, written to with a special instruction or memory-mapped at some hardware address. Writing to them controls certain aspects of the various things in the System on a Chip.
We normally call them "undocumented registers". And they would refer to registers in hardware devices, not the CPU registers. Though even in the 8-bit days there were undocumented or partially documented registers, and modern CPUs are orders of magnitude more complex, often with multiple CPU cores in them, so there are a lot more places to hide undocumented registers. Undocumented opcodes are extremely common.
It's pretty funny, considering several defence contractors and official defense departments around the world have contracts with Apple to use iPhones with iOS as their provided mobile devices, as well as iMessage as one of their primary communication applications.
@@mycommentmyopinion IMO unlikely. Someone within govt wanted total possible oversight over these contractors & defense depts; by forcing them to use iPhones & iMessage they ensured this happened. IMO this was an intentional backdoor sponsored by the US govt.
@@thewhitefalcon8539 If you buy a device with the software instead of installing it yourself, not even Ghidra can help you. If (and the size of that if may vary) the device lets you download the software off of it in order to decompile it, you have to trust that the hardware gives you the same code as what's running.
People should look at the Mattermost application, open source for self-hosted end-to-end encrypted messaging. It's like Slack for developers, used for secure communications by the Air Force, Samsung, and more.
@@GrueneVanilleWaffel Truly difficult finding OS hardware, because the scale of production it takes for a hardware company to be profitable means a long time horizon and huge amounts of capital. While you can find some OS hardware, you can do a surprising amount of interesting things running with virtual machines if you really know what you're doing. Remember, the more convenient/usable the product, the more hackable it is. OG cybersecurity guys run many systems straight from the command line on an old ThinkPad laptop as a controller for a big server farm, but you have to know what you're doing.
If you don't need a specific app and it might have a security vulnerability and you can't remove it, the only thing you can really do is not use the entire thing.
I mean, an open box also has horrible vulnerabilities... A little harder to make them intentional than in a black box, but the Minnesota Linux kernel ban situation kinda proved it to be possible...
Unfortunately, there are plenty of horrible vulns even in open source. A couple of sudo vulns went undiscovered for over a decade, and these led to full privilege escalation.
@@chrisdawson1776 That really was not as big of a deal as people made it out to be; if someone got into the position to exploit that vulnerability you had already lost at every step, because the person is literally standing in front of your system. Generally, exploits that require physical access to the system are more of a joke than anything, since at that point there are countless non-exploit ways to get into the system. But most importantly, that exploit is for GRUB2; if you encrypt your system (if you want password protection on your OS), getting past GRUB2 is going to be utterly worthless. As is, I'd bet 99% of users do not have a password set for GRUB2, and the same goes for corporations (at least those I worked for), because it's simply unnecessary and in a corporate environment you don't want to be locked out of your boot loader with a password. TL;DR: that exploit was overblown lwn.net/Articles/668695/
This isn't about software; you could run 100% free software, and yet your CPU would still be backdoored. And you know that AMD and Intel both have it too, likely other ARM manufacturers too. Who knows which are safe, if any.
If the software is FOSS, there are plenty enough geeks to find and patch those exploits in due time. If it's not, they will sit there until the for-profit programmers who work on things that make them money (AKA not wasting time looking for potential security exploits in the most obscure corners of their source code) fix it, or a scandal like this forces their hand. A hardware exploit is meaningless if there is no software path to activate it.
Based on how convoluted and obfuscated the attack chain was, and yet how easy it is for an attacker, this was definitely intentionally implemented to make the attack method difficult to find and easy to carry out.
5:08 They call the process "fuzzing". Essentially, throw arbitrary instructions at the chip and see what happens. Some you can brute-force like that really quickly. Others can take weeks.
@@lucasthompson1650 Then the question is, doesn't Apple have better access to those same things, and couldn't they run it from, you know, the start of development instead of having to buy some and reverse engineer all of the stuff?
Yeah, I've watched some of Christopher Domas's DEF CON talks on YouTube and this is exactly the sort of stuff he does, and he is just one guy. An entire corporation can surely do the same sort of stuff.
I love how everyone was in a big fuss about sideloading apps being a huge risk while shit like this happens every few years. Just like those massive iCloud breaches back in the 2010s.
@@CentreMetre Software is any sort of application within the device. Hardware is the actual device itself and all its parts. A good way to remember it is: if the equipment can be touched it's hardware; if it cannot, it is software.
Hidden instructions and registers can be found by fuzzing the CPU. This is something that has been done in the past on custom CPUs based on well-known architectures. I think the main question is why these unused features got into the final product, or whether it is an undesired side effect of the architecture.
The reason why might be as simple as to cut the costs that would go into design and verification stages for a new version of the chip with the registers removed.
Yes, especially when you consider that they could make the exploit dependent on two special instructions in a row. The second won't do anything unless the first one is used directly before, and using the first instruction will not produce any visible effect unless the second is used directly after. How are you gonna brute-force fuzz your way through that? There are exponential possibilities.
And also Apple themselves are the biggest threat to Apple users' privacy, and I would like to brag about using Android, but I don't even think Google is less bad... Well, at least I use Linux on my computer.
@@no_name4796 What we need is a law mandating that all hardware above a certain level of processing capability (i.e., anything stronger than a smartphone from ten years ago) has to support an open source operating system, either FreeBSD or Linux, where the penalty for a regulator not being able to install Linux or FreeBSD on the device is a full public-domain release of all hardware schematics, and any and all source code related to the device, along with a forfeiture of any copyrights and patents related to said device. We need to stop dancing around the bush on this shit: if it supports Linux then it'll support Windows, Android, and any other operating system in existence as well.
@@no_name4796 To be very fair, I think mobile devices are easier to compromise than desktops. I think I saw a video about someone claiming the opposite and I sort of laughed at it, but I couldn't tell ya if that is true or not. Personally, I think it's easier because phones are largely 'simpler' systems with more attack vectors since they are 'smart' devices. The chips are different from desktops, and there are more features like the camera or the fingerprint detection that can make a hacker blush. Finally, I think the more closed-source nature of the app stores could be used to maliciously distribute bad code more easily than just browsing online. I could be wrong, I am definitely not a security expert.
As someone who doesn't like Apple at all, and genuinely really believes that Pegasus and other mythical creatures exist, your comment has me really confused. I am not being sarcastic at all.
Going by the analysis of Marcan (the MacBook Linux guy), it seems like this vulnerability could have plausibly been found by just guessing. The memory addresses it uses lie right next to the GPU control area, so by poking here and there you could have found it does _something._ Still, the number of (0-day) exploits used here and the sophistication of the entire deployment chain is mind-boggling and comparable only to the likes of Stuxnet! Definitely from a state-sponsored hacking group.
Look y'all, once your device has Wi-Fi, Bluetooth or any means of connecting with the outside world it's vulnerable. Theoretically, if you actually wanted to be completely safe you'd need to download all the apps and games that you want, then disconnect the Wi-Fi and Bluetooth chip, plus other components that may have contact with the outside world. No system is 100% safe.
How is this exclusively an Apple thing? Like yes, this particular video is about an Apple exploit that is really dangerous and that's bad, granted. But if you think there aren't cyber weapons that are just as dangerous targeted at Windows and Linux, you are deluding yourself. The US has already accidentally leaked some of the ones targeted at Windows; we know they have them.
5:50 I work in 3rd party repair fixing iPhones for a living. I once accidentally triggered a blue screen on an iPhone (yes, blue screen on iOS) with a strange code on the display. Apple support didn't know what it was and Google had no info. I accidentally triggered it by connecting a faulty screen with the pins for the display connection misaligned. My best guess is it was some sort of internal debugging or diagnostic mode. So I'm not saying that you're wrong, I'm just saying it's possible to find these "back doors" in other ways.
This kind of thing, where the hardware itself is 'untrustworthy', has been a suspicion for years. I have some older IBM laptops which I use for a password database that is never connected online, but also because it is one of the last laptops where the chipsets are 'known' to be what you think they are, without any possible additional 'features'. Excellent video as always.
I wonder how long until fully open source chip designs hit the market. I have seen some RISC-V but at very low power; maybe in a few years it will only be a question of whether we can trust the foundry to build the actual designs.
@@contactjd I mean there is no proof even back then that they aren't backdoored. I think in the K&R C book there is even a topic about rogue compilers. Like, the problem goes way back to the 70s/80s.
I feel like the reason for Canada to ban Xiaomi was not because they cared about their citizens' privacy, but rather to monopolize profiting from their data themselves.
When you design your own silicon it's almost impossible to accidentally add extra stuff. It's a massive investment especially in this case, and everything gets checked thousands of times by hundreds of experts.
'Backdoors' are in the original charter of the F.B.I. It started with phones and service providers being required to design the phone network so it can be spied on.
You do realize that the "original" FBI charter was written only 40 or so years ago, well after the FBI had been in existence, yes? And no, that original charter makes no mention of requiring phone providers to design a network that can be spied on. The nature of analog and digital are such that they can be spied on. No one forced anyone to make them that way. Anyone who understands even the basics of how wires and circuits work can see that. It's not particularly complicated. 😂
5:45 How could anyone figure out how to use this undocumented feature? There was an interesting presentation on the Intel/AMD64 architecture at one of the major programming conferences a couple of years ago. 1) The presenter wrote very clever code to find undocumented instructions. This included executing bytes at the very end of a memory page to see if the instruction was "taken" before it fetched bytes from beyond the page. When discovering a new instruction, he would thus determine how many bytes it needed. 2) Read patent applications. If they describe some feature of the SoC, maybe they're _doing_ something like that on some existing product now. I'm sure the same principles apply to this platform.
State level actors can also simply crack open an iPhone and run it under an SEM. Hell, @BreakingTaps does this as an individual. Not a long shot to find secret registers that way.
Anyone remember the time when an organization had to get involved for an iPhone where they really badly wanted to get the contents, but one last failed password attempt wiped the iPhone's contents? I wonder if anything related to this backdoor could be connected back to that whole thing that ended up being a huge non-story at the end of the day.
@@kevinmiller5467 Still a better bet than the combo of backdoored OS + hardware. Even if the hardware itself is compromised, you have to find an (unintentional) 0-day exploit that escalates you from nothing to hardware level in order to exploit that backdoor anyway. And the GrapheneOS team has shown that they really don't play around and actively assume through each line they write: "if this piece of code were to be exploited, would the danger at least be contained?" Also it is very difficult nowadays to find hardware that is (provably) not backdoored, or to check the integrity of the claimed implementation, which is why even if they open-sourced their Titan M firmware you still would not be completely sure. This is why bothering with such details goes beyond tinfoil hat territory. I mean, if someone else with backdoor access gets a physical hold of your phone you would be screwed, but if your threat model is that large and you got into that situation you screwed up somewhere else entirely anyway...
7:25 As someone who was in Russia, saying "avoid American products" is very difficult because the Russian versions were so underwhelming. Matter of fact, Putin has been trying to push Russians to use their version for years. Guess what though. Because of the Russian war, a large adoption of Russian products arose, although it's still not the majority because these products are still mediocre.
And in 90% of cases they are re-brands made in China from used/badly binned chips. No wonders here; even if they have the tech, there is no way to make modern things, there are no factories capable of making them (even something at the 2010s level of architecture).
I'm not sure about the government jobs, but pretty much everyone here uses WhatsApp, no matter the age. Younger folk (especially females) use Instagram (via VPN). Both belong to Meta.
Thank you for all your videos, of all genres. They’re always appreciated and at least somewhat entertaining. But someone referring to you as Vegan Gains is just about the funniest thing I’ve seen related to your context.
@@Not_Airrack At this point anything is better than Apple, and the best choice of all is to get off grid; can't hack what isn't digital. When real life comes knocking these hackers won't be safe. Real life catches up to everyone.
It's honestly mostly about the convenience of a simple device. I still have an Android for work and more heavy-duty stuff, but an iPhone is an easier daily driver for simple tasks.
@@firewhite Apple is not more convenient; its OS is built so that normies can't do anything with it other than what Apple allows. These people must like being in a playpen while everyone else goes outside to the real playground. Saying Apple is an "easier daily driver for simple tasks" is like saying a children's learning computer from playschool is the best choice for people who need an "easier daily driver for simple tasks". The problem is people refuse to adapt to technology, and the companies are taking advantage of said ignorant customers who refuse to move away from a locked system that they don't even truly own, therefore allowing the industry to corner people into thinking that a closed system is better than an open one. It happened to restaurants, it happened to cars, and now it's happening to basic computers and phones....
If Kaspersky is reporting on this, it was the one for the Russian iPhone users at the start of the war, and now they have started to use Chinese phones. This comes after the push notification server thing for all phones; the US Government and associates are grubbing on these.
The only reason to keep code closed source is because you have something to hide. Either it's embarrassingly bad, or it's malicious. Today, like every day you see closed source products, you have to ask yourself: was this incompetence or malice? In this case it took so many lucky coincidences and lucky hardware quirks, I think it was malicious.
It's always malice; no company in the modern era hides info because of embarrassment. To them embarrassments are just good coverage until the majority of people "forget" after 24 hours..... These new-age people might as well have the memory of a goldfish; if you don't maintain training, fish just default back to base needs, like the fools who run a good country into the ground for "the greater good".
Lol so I can have anything in your bank account and retirement accounts right? You don’t have anything to hide and you don’t believe in private property rights, so why not send your life savings to me?
I already knew about this about a month ago because Kaspersky sent me a message saying 'update all your iOS devices' and linked to the Securelist article (Securelist is owned by Kaspersky, for clarity).
Okay, so some things to know: it is actually possible to find on a device. I had a friend go to federal prison recently and my phone started acting up; I got a voice message with this payload ingrained. I actually still have the payload on my computer in a VM for testing. It was an interesting-ass process to find, but even more interesting that just based off a friend going to jail a governmental body felt it had the right to infect close people. I was on iOS 15.6.1, SO UPDATE UPDATE UPDATE!
I used to work at T-Mobile around 2020 during lockdown, and a customer brought their iPhone in saying somebody was listening to and watching everything he does. They basically had 24/7 screen share and could access root files.
If you develop a CPU you need to implement some basic "backdoor": you need to scan the CPU for errors in the production plant. Usually there should be fuses to permanently deactivate these debug functions. Some plants used to cut off part of the chip, but it is expensive to cut some silicon off after the final validation. You see many SoCs where the fuses aren't set because somebody forgot at the production phase and they pushed the last known good working development phase out the door. It's often timelines where some undocumented function or firmware read/write fuses got forgotten, or every device uses the same master key. You need to sell some iPhones with the debug function enabled to development studios.
Development studios, what? This isn't a console or something similar; there's no such thing as an iPhone devkit. It's just the combo of Xcode and whatever runs iOS.
Dude, you DON'T just "forget" at a multi-BILLION ultra-high-tech production where every step is approved, monitored, checked and re-checked multiple times by different people and machines.
If you have something to hide your device should be one of those things, if you have a phone full of "based memes" you better make sure they can't trace it back to you, and your phone should be full of only wholesome as heck memes.
I've been doing what I've been doing long enough to believe that the NSA has almost certainly approached vendors to do this exact thing. The problem with making a backdoor for the three- & four-letter boys is that it does so for everyone else. Give it enough time and it will be their backdoor too.
I'm still not upgrading! I've been waiting years on iOS 16.0 for a jailbreak. Let's hope this exploit can be used to jailbreak my phone and then we can patch it ourselves. :)
Actually, in Russia in special forces, the military and other high-rank government organizations, it has already long been prohibited to use iPhones or some Androids. However, very few people actually follow these guidelines. Part of this is because alternatives suck.
What baffles me is how slow the blue team is. This is an old attack. I cannot specify how old due to implications but there are so many more unpatched ones....
I worked for small companies, I worked for large companies in software dev. The amount of carelessness, mess, lack of security and self-awareness is so through the roof that it doesn't take a CIA || FSB || NSO || ISIS agent to implement a backdoor by kidnapping the CEO's family. You just wait for the laziness of devs or send your own dev to do the thing. Or just log in to their MySQL with root/root and put in some git and cat commands.
These are fully functional registers; this isn't an accidental design flaw like some examples of FPU or branch prediction errors that can be used for exploits.
Kaspersky always had some of the best malware researchers. Whether to trust them or not, they say they don't have ties with the Russian government, but Apple said the same thing so...
So basically, if the CPU manufacturers had properly designed their products to be secure, none of this could have happened? It appears that the problem lies in the very root of the tech system.
The only backdoor needed is the software update system on iOS. All Apple has to do is push a single malicious update to all devices to gain access to them, and none of us would know about it.
@@JPS13Laptop If they're gonna do something like brick their devices, yeah, that would be painfully obvious, but something like taking screenshots and recording keyboard input, that's something that a user wouldn't be able to identify, much less detect using a network packet sniffer, when that data is discreetly sent back using encryption. It's even something that Apple can write off as quality assurance telemetry used for improving the iOS ecosystem, and users would have 0 evidence to prove the contrary since they wouldn't be able to read the data being sent back. Keyboard inputs are already sent back for text prediction, the photos you take that automatically get uploaded to iCloud are reviewed by Apple for regulatory compliance, your text messages are processed through Apple servers. Breaking end-to-end encryption is straightforward for Apple and only requires a couple of code changes to grant themselves access and no one else. No one would even notice since iMessage's source code isn't visible to the public.
@@georgek4416 And it can last for only an update cycle, at which point they switch it out, and by the time someone figures out it was a breach it will have been "patched" for a very long time.
To answer the "how did the researchers find these undocumented registers?" thing: after watching enough talks on exploiting hardware like this (notably people like Christopher Domas), I can guarantee you it just kinda happened by accident by fuzzing the CPU, noticing the system crash after hitting one of the undocumented registers, and then just trial and error until they figured out what it wants. It's happened several times before.
Not saying it was a backdoor. But if I wanted to code a backdoor, this is what I would have done.
It’s really a feature and not a bug in this case.
You would have coded it to require a 10 stage chain of exploits , across multiple development teams and computer design engineers?
If it were your job, you would be very bad at it.
Now that Intel is ramping up manufacturing in that country, you can be assured that more hidden instructions will be put into the processors below level zero.
🤣
@@TheOfficialOriginalChad Good backdoors aren't easy to find; the point is only you know about it.
Makes you wonder just how many of these "vulnerabilities" exist.
Enough that if you knew how many you'd want to never tap a phone again! But let's hope most of them are undiscovered (for now).
@@junyaiwase Yup, I won't own a mobile tracking device, even a handheld one, let alone the next generations: wearable, implantable, last but not least grown into your fucking brain!!!
@@junyaiwase Oh boy, it's just the beginning I'm afraid.
This is just the stuff we hear about.
Let's talk about how many iPhone exploits are the same as Mac computer exploits that still haven't been patched; find them, and you'll destroy Apple in a day. I wish I was joking, yet here we are..
So the alleged backdoor is a set of registers in the processor that can directly write to and read from the memory while there is no other reason for these registers to exist. Sounds eerily similar to the Intel Management Engine or the AMD PSP.
Definitely a coincidence how every major chip manufacturer added the same type of vulnerability to their products, 3 letter agencies are most certainly not involved.
There is a vulnerability to hitting the like button on RUclips... you did not hear that from me though.
@@Tycy2014 EXPLAIN GOOD SIR.
@catmanmliolunny Anytime there is a handshake between 2 users it uploads that into RUclips's data. If you have a payload hidden behind your comment's like button (if you already ran a SQL injection on your comment) you can then have your like button carry payloads to other users and use assembly root functions to brute-force your way, or keylog your way, into others' systems or get their internet traffic. The way you determine your like button's URL is by using Google Dorks to find the exact location of your comment... this is a multi-step process.
Edit: I'm working on multiple CVEs right now using hidden payloads to find locations of people; all you need is the handshake and a man-in-the-middle function, and you can go crazy.
Edit: it's like giving cookies but only if you don't have access to their system.... if I wanted I could find out where you live given enough time. Or I could use social engineering to get the same results.
@@Tycy2014 Worked like a charm, thanks homie
@@kphaxx oh no
"Don't worry, as long as we keep the backdoor a secret nobody will ever find it"
Problem with that is that hackers and hostile states will from now on just assume there's a backdoor and look for it tirelessly.
This is the exact issue I hated in the EARN IT Act: putting a back door in for the government means everyone can get that backdoor.
@atomicskull6405 They didn't stumble across anything. Pegasus is Israeli. They either have insiders at various American glow bro organizations or they bribe and blackmail their way into getting access to le secret spy codes.
There's always, and I mean always a back door.
@@gravyd316 not true
Or have someone sell the secret to them. Which is probably what they did
hope the glow boys enjoyed watching me goon at 4am
kek
Based
Hahaha absolutely insane
They'll probably save some of it for themselves no doubt. :)
Goon?
Deniability by the US is harder when they have been caught doing so many other behind the scenes spying... such as on social media.
Who cares what the Russians think? They can whine all day, it’s not like they wouldn’t conduct similar tactics.
I mean, is there a government out there that doesn't do this crap?
Exactly
@@moonasha most are very primitive and all but a handful don't have access to global firms with billions of users. It's a matter of exposure scale
stuxnet
Saw the Triangulation presentation last night.. it's very clearly a backdoor.. and what was interesting is that it's been used for 10 years.. also the fact you can write to your own memory address if you know a "secret code" is fucking bananas
Link?
Dang I wanna see.
@@LewyM7 below dude
#secret code
😂😂😂
No link showing up bruh
At one time, I worked with a network engineer that used to be in the Military. He had access to MS Source Code, not OP code, but the uncompiled Source Code. He said the military would not allow any device or software into their secure areas unless they had full control of it. He also said that the only sure way to defend a device was to remove external access. This includes having shielded hardware so it cannot be accessed via a remote, directional device that utilizes its own EM broadcast to reach into your Hardware. Sci-Fi stuff huh? This was 28 years ago. Imagine what they can do now....
That is so cool... too bad we are not presented this choice either, and have to deal with this bs
What's OP code?
Didn't understand half of it but that sounds badass
28 years ago was the era of 14.4k baud modems, cd-roms were connected through soundcards and this new OS called Windows 95 had just been released.
There were no cell phones nor the concept of "devices" or "network engineers"
It would also make you at least 40 years old today and old enough to not be so gullible or make up fake stories.
What would having access to the source code do? Fork and compile their own version of win95 with the same undiscovered vulnerabilities as that is safer? 😂
@@sirtra it's not foolproof, but having source code to inspect makes it a lot harder to slip in a back door.
Tim Cook: "Yeah, but sideloading is way more dangerous to our users security."
Imagine more than one thing being true at the same time.
@@Stone_624 except the sideloading part isn't true, you can always make it difficult for amateurs to sideload, they just want their 30% cut.
"sideloading" what a stupid name they made. Why is it allowed on Macs then?
I've been using Android for the past 6 years. And in that time, half of the apps I use are pirated, sideloaded apps. Never in this time have I ever been infected with malware, because well, I use my brains when sideloading. @@Stone_624
@@Stone_624 imagine you know nothing about sideloading and make a dumb comment.
The Pegasus exploit was actually insane, they used the fact that the steps of the gif compression algorithm were Turing complete, along with an exploit that let them execute an arbitrary number of steps of that algorithm, to build a computer out of the compression algorithm. When combined with the overflow exploit giving them access to the devices memory they had full control of the phone.
Yeah that really doesn't sound like it was planned. And the unused registers probably were there for redundancy or they simply were left overs from the development.
Smart mfs doing stuff like this meanwhile I’m proud of my crud b2b saas. Feels bad.
@@zekiz774 people here would rather attribute to malice something that can easily be explained as an oversight in an insanely complicated system. I'm really not Apple's biggest fan, but jumping to accusing them of conspiracy is unhinged.
@@sn00pysfone smart people push the world forwards, we're just along for the ride
Pegasus is actually pretty beautiful from a coding perspective.
I remember working with assembly in school. Never thought I'd hear the term "unused registers" lol.
Undocumented bit combinations in the machine code might hint at undocumented registers in the hardware. But figuring out special functions for those registers would be tricky.
Unused space in the instruction set, on the other hand, is common.
Not like the general purpose registers on the CPU -- probably talking about registers in the SoC, written to with a special instruction or memory mapped at some hardware address. Writing to it controls certain aspects of the various things in the System on a Chip.
It exists in Intel and AMD. Undocumented instructions.
We normally call them "undocumented registers". And they would refer to registers in hardware devices, not the CPU registers. Though even in the 8-bit days there were undocumented registers or partially documented registers, and modern CPUs are orders of magnitude more complex, often with multiple CPU cores in them, so a lot more places to hide undocumented registers. Undocumented opcodes are extremely common.
@@Muhammad-sx7wr Always has.
It's about time. The walled garden is breached
Everything is breached
The walled garden was never one to begin with (at least to the alphabet bois and NSO 😂)
There has never been a wall, just a fence
@@DanteMishima that goes with any sort of security. No one has perfect security.
It's pretty funny, considering several defence contractors and official defense departments around the world have contracts with Apple to use iPhones with iOS as their provided mobile devices, as well as iMessage as one of the primary communication applications.
I wonder if they get patched versions of iOS that don't have these vulns
@@mycommentmyopinion imo unlikely. Someone within govt wanted total possible oversight over these contractors & defense depts; by forcing them to use iPhones & iMessage they ensured this happened. Imo this was an intentional backdoor sponsored by the US govt.
funny how the government actually trusts closed source software for critical and sensitive stuff.
Not that funny if you consider their versions are probably a lot different than the consumer models.
@@dangerous8333 I would believe it's only the hardware with specialized software, but if not it seems like a bigger problem.
No, they found *A* backdoor. Proprietary software is proprietary.
reverse engineering doesn't exist apparently
Not with Ghidra it's not.
@@thewhitefalcon8539 If you buy a device with the software instead of installing it yourself, not even Ghidra can help you. If (and the size of that if may vary) the device lets you download the software off of it in order to decompile it, you have to trust that the hardware gives you the same code as what's running.
I think it's a jab at the fact iPhones are considered "the most secure phone"
@@detecta 100% this. Apple does an awesome job of keeping its cult brainwashed and loyal.
Just like when they used to say "Macs don't get viruses." 😂
Apple users: "Umm, actually, it's a feature to protect me."
"We're the resistance, this backdoor is only to stop the bad people from using iPhones."
Nah, f no. I dislike Apple because of their bs and lies.
"It's to make the battery work better on older phones."
@@glock-kaydo do we even have something secure? I mean Intel ME works regardless of your OS
@@ДімаКрасько-с7м No. Nothing is
Remember guys, if they say it's the most secure with no open source software,
It's not
People should look at the Mattermost application, open source for self-hosted end to end encrypted messaging. It's like Slack for developers, used for secure communications by the Air Force, Samsung, and more.
And Hardware?
@@GrueneVanilleWaffel Truly difficult finding OS hardware because the scale of production it takes a hardware company to be profitable is a long time horizon and huge amounts of capital.
While you can find some OS hardware, you can do a surprising amount of interesting things running with Virtual Machines if you really know what you're doing.
Remember, the more convenient/usable the product, the more hackable it is.
OG cybersecure guys run many systems straight from the Command Line on an old Thinkpad laptop as a controller for a big server farm, but you have to know what you're doing.
If you don't need a specific app and it might have a security vulnerability and you can't remove it, the only thing you can really do is not use the entire thing.
>a blackbox has horrible vulnerabilities?
Oh shucks matey i could not have possibly expected something like that
I mean an open box also has horrible vulnerabilities... A little harder to make them intentional like in blackbox, but Minnesota Linux kernel ban situation kinda proved it to be possible...
Unfortunately, there are plenty of horrible vulns even in open source. A couple of sudo vulns went undiscovered for over a decade, and these led to full privilege escalation.
@@surewhynot6259 The point was rather, all software has vulnerabilities, and making it closed source makes things worse.
Couldn't you bypass any Linux system by pressing backspace 20 something times?
@@chrisdawson1776 That really was not as big of a deal as people made it out to be; if someone got into the position to exploit that vulnerability you had already lost at every step because the person is literally standing in front of your system.
Generally exploits that require physical access to the system are more of a joke than anything since at that point there are countless non exploit ways to get into the system.
But most importantly, that exploit is for GRUB2; if you encrypt your system (if you want password protection on your OS) getting past GRUB2 is going to be utterly worthless.
As is, I'd bet 99% of users do not have a password set for GRUB2, same goes for corporations (at least those I worked for) because it's simply unnecessary and in a corporate environment you don't want to be locked out of your boot loader with a password.
TLDR: that exploit was overblown lwn.net/Articles/668695/
This isn't about software, you could run 100% free software, and yet your CPU would still be backdoored. And you know that AMD and Intel both have it too, likely other ARM manufacturers too, who knows which are safe if any
Chips within chips within chips 🪆
There seems to be some open source hardware development going on, maybe if we get a year of linux desktop one day we get a day of linux cpus.
@@fulconandroadcone9488 Even with open hardware we can't tell if the fab that makes the CPU didn't tamper with it
If the software is FOS, there are plenty enough geeks to find and patch those exploits in due time. If it's not, they will sit there until the for profit programmers who work on things that make them money (AKA not wasting time looking for potential security exploits in the most obscure corners of their source code) to fix it, or for a scandal like this to force their hand.
A hardware exploit is meaningless if there is no software path to activate it.
@@fulconandroadcone9488 it's almost impossible for a reasonably priced open source CPU to exist based on just how complicated it is
Based on how convoluted the attack chain was obfuscated and yet how easy it is for an attacker, this was definitely intentionally implemented to make the attack method difficult to find and easy to carry out.
5:08 They call the process "fuzzing". Essentially, throw arbitrary instructions at the chip and see what happens. Some you can brute-force like that really quickly. Others can take weeks.
because ARM is RISC
Yup. Fuzzing (and JTAG/test pads) is how a lot of this kinda stuff gets discovered.
@@古明地恋-s9c They do it to x86 too. Easier and quicker on RISC chips though.
@@lucasthompson1650 then the question is, doesn't Apple have better access to those same things, and could run it from, you know, the start of development instead of having to buy some and reverse engineer all of the stuff?
yeah I've watched some of Christopher Domas's DEF CON talks on YouTube and this is exactly the sort of stuff he does, and he is just one guy. An entire corporation can surely do the same sort of stuff
Sending this to my apple obsessed friend
Nooooo, he gonna defend Apple anyway😂
Security has always been a matter of "are you bored enough to do it?" as opposed to the fear based "is it possible?"
Can't get viruses. Just entire vulnerabilities. But they won't let you so much as install an app not authorized by them.
I love how everyone was in a big fuss about side loading apps being a huge risk while shit like this happens every few years. Just like those massive iCloud breaches back in the 2010s
Or remove apps that might be entry points.
Apple is the virus
My face when closed source software isn't the most secure thing in the world
Hardware
@@GrueneVanilleWaffel he means iOS but yea you're both right
@@GrueneVanilleWaffel wdym by hardware? Not disagreeing just have no clue what you mean
@@CentreMetre software is any sort of application within the device. Hardware is the actual device itself and all its parts.
a good way to remember it is, if the equipment can be touched it’s hardware, if it cannot it is software
@@DinahAO I know the difference between hardware and software. I just don't get what he meant by the word "hardware"
Hidden instructions and registers can be found by fuzzing the CPU. This is something that has been done in the past on custom CPUs based on well-known architectures. I think the main question is why these unused features got into the final product, or if it is an undesired side effect in the architecture.
The reason why might be as simple as to cut the costs that would go into design and verification stages for a new version of the chip with the registers removed.
Fuzzing won't find everything
Yes, especially when you consider that they could make the exploit dependent on two special instructions in a row. The second won't do anything unless the first one is used directly before, and using the first instruction will not produce any visible effect unless the second is used directly after.
How you gonna brute force fuzz your way through that? There's exponential possibilities.
@@rivershen8199 plus there could also be built in time dependencies - this adds another level of exponential possibilities.
@@ic7481 It can find A LOT. For example AMD's (formerly Xilinx) bitstream formats of their 7-series FPGAs have been reverse-engineered with fuzzing.
The apple people "we can't get hacked" also pegasus exist.
And also Apple themselves are the biggest threat to Apple users' privacy, and I would like to brag about using Android, but I don't even think Google is less bad...
Well at least i use linux on my computer
@@no_name4796 - What we need is a law mandating that all hardware above a certain level of processing capability (i.e., anything stronger than a smart phone from ten years ago) has to support an open source operating system - either FreeBSD or Linux, where the penalty for a regulator not being able to install Linux or FreeBSD on the device is a full public-domain release of all hardware schematics, and any and all source code related to the device, along with a forfeiture of any copyrights and patents related to said device. We need to stop dancing around the bush on this shit - if it supports Linux then it'll support Windows, Android, and any other operating system in existence as well.
@@no_name4796 To be very fair, I think mobile devices are easier to compromise than desktops. I think I saw a video about someone claiming the opposite and I sort of laughed at it, but I couldn't tell ya if that is true or not.
Personally, I think it's easier because phones are largely 'simpler' systems with more attack vectors since they are 'smart' devices. The chips are different from desktops, there are more features like the camera or the fingerprint detection that can make a hacker blush. Finally, I think the more closed source nature of the app stores could be used to maliciously distribute bad code easier than just browsing online.
I could be wrong, I am definitely not a security expert.
@@no_name4796 depends on what phone and OS you use, you can use LineageOS and hell even GrapheneOS if you want!
as someone who doesn't like Apple at all, and genuinely really believes that Pegasus and other mythical creatures exist, your comment has me really confused. I am not being sarcastic at all
I remember hearing about some folks getting stalked with a similar exploit.
It was with this exact one
Going by the analysis of Marcan (the MacBook Linux guy), it seems like this vulnerability could have plausibly been found by just guessing. The memory addresses it uses lie right next to the GPU control area, so by poking here and there you could have found it does _something._
Still, the number of (0-day) exploits used here and the sophistication of the entire deployment chain is mind-boggling and comparable only to the likes of Stuxnet! Definitely from a state-sponsored hacking group.
And he also thinks they're hardware design debug registers, not an intended backdoor, per se.
@@silverdragonslair The best part these things are not exclusive.
4 new zero day drop 🗣🗣🗣
🔥🔥🥶🥶
defo a glowie backdoor
At this point, Apple does not have vulnerabilities. They have full-blown goatses.
Why did you do this
please take my like and delete this naow
Full blown and goatse should NEVER be together in a sentence….. 🤢
This isn't a full blown goatse. It's actually a very typical escalation chain.
I just like the term goatse
Apple users try to not bend over for the company challenge (impossible)
Google's not any better lol, all big tech companies are a huge privacy concern, example being the incognito recently
Look y'all, once your device has Wi-Fi, Bluetooth or any means of connecting with the outside world it's vulnerable; theoretically if you actually wanted to be completely safe you'd need to download all apps and games that you want, then disconnect the Wi-Fi and Bluetooth chip, plus other components that may have contact with the outside world. No system is 100% safe
anglophone try not to blame individuals for systemic issues challenge
(just read althusser)
How is this exclusively an Apple thing? Like yes this particular video is about an Apple exploit that is really dangerous and that’s bad, granted. But if you think there aren’t cyber weapons that are just as dangerous targeted around Windows and Linux you are deluding yourself. The US has already leaked some of the ones targeted around Windows accidentally, we know they have them.
5:50 I work in 3rd party repair fixing iPhones for a living. I once accidentally triggered the iPhone blue screen (yes, blue screen on iOS) with a strange code on the display. Apple support didn't know what it was and Google had no info. I accidentally triggered it by connecting a faulty screen with the pins for the display connection misaligned. My best guess is it was some sort of internal debugging or diagnostic mode.
So I’m not saying that you’re wrong I’m just saying it’s possible to Find these “back doors” in other ways.
Shame it was abused by the glowies instead of given to the people for a jailbreak instead.
fr an ios 15.7 jailbreak on non checkm8 devices would be amazing
@@thewonderingape6383 aka you currently have that setup right
i may or may not be hoping for something similar though lol
@@thewonderingape6383 it's coming
Too bad the gloweys have way more vulnerabilities.
This kind of thing, where the hardware itself is 'untrustworthy', has been a suspicion for years. I have some older IBM laptops which I use for a password database, that is never connected online, but also because it is one of the last laptops where the chipsets are 'known' to be what you think they are. Without any possible additional 'features'. Excellent video as always.
I wonder how long until fully open source chip designs hit the market. I have seen some RISC-V but at very low power; maybe in a few years it will only be a question of whether we can trust the foundry to build the actual designs.
What era/chipset is that out of interest?
@@contactjd I mean there is no proof even back then that they aren't backdoored. I think in the K&R C book there is even a topic about rogue compilers. Like, the problem goes way back to the 70s/80s.
"china phone bad because backdoor"
America fone:
I feel like the reason for Canada to ban Xiaomi was not because they cared about their citizens' privacy, but rather to monopolize on profiting from their data themselves
@@nxb00 This. China doesn't need to collect data themselves, they already have an immense inhouse userbase. And they can just buy it
I figured this had something to do with Pegasus. Crazy it took them this long to patch it.
One of the exploits used is from the '90s 😂
"Patch"...🤨
Bro please inform people that simple mobile tools got sold to some sketchy corpo
@@kevinm45684 to zipoapps, known to buy projects and then put ads and subscriptions on them
So, it was good while it lasted 🫡
@@kevinm45684 zippoapps
@@kevinm45684 some random Chinese company that makes ad bloated apps :< But!! If you do NOT update you are fine!
@@kevinm45684 zippoapps
Thanks for the heads up! Just uninstalled.
"Spectre and Meltdown, which were like 5 years ago."
Yeah I feel old now.
When you design your own silicon it's almost impossible to accidentally add extra stuff.
It's a massive investment especially in this case, and everything gets checked thousands of times by hundreds of experts.
You say expert, I say coworker desperately trying to close the Jira ticket from hell to get his manager off his back.
@@theofficialjeff Isn't Jira for software development
@@Arek_R. project management in general ¯\_(ツ)_/¯
'Backdoors' are in the original charter of the F.B.I. It started with phones and service providers being required to design the phone network so it can be spied on.
You do realize that the "original" FBI charter was written only 40 or so years ago, well after the FBI had been in existence, yes?
And no, that original charter makes no mention of requiring phone providers to design a network that can be spied on.
The nature of analog and digital are such that they can be spied on. No one forced anyone to make them that way.
Anyone who understands even the basics of how wires and circuits work can see that. It's not particularly complicated. 😂
5:45 How could anyone figure out how to use this undocumented feature?
There was an interesting presentation, on the Intel-AMD64 architecture, at one of the major programming conferences a couple years ago.
1) the presenter wrote very clever code to find undocumented instructions. This included executing bytes at the very end of a memory page to see if the instruction was "taken" before it fetched bytes from beyond the page. When discovering a new instruction, he would thus determine how many bytes it needed.
2) read patent applications. If they describe some feature of the SoC, maybe they're _doing_ something like that on some existing product now.
I'm sure the same principles apply to this platform.
Brilliant observation!
State level actors can also simply crack open an iPhone and run it under an SEM. Hell, @BreakingTaps does this as an individual. Not a long shot to find secret registers that way.
What's an SEM?
@@afinelad3673 scanning electron microscope
Scanning electron microscope. They can detect much finer detail than light can.
So basically ACE from fucking Zelda speed running but even worse. Amazing.
Being able to mess with memory is unbelievable.
They attacked Kaspersky devs? Oh yeah this glows brightly.
that was a while back and he also covered the news
That was how they got caught, they attacked researchers @ Kaspersky and they managed to uncover the whole thing.
In my opinion, this is clearly a backdoor planted by the manufacturer
the NSA forces US semiconductor manufacturers to leave physical backdoors in the architecture itself, TSMC doesnt escape it either
I've been suspecting this for years, surprised to hear pseudo confirmation
Exploit aside, your presentation was perfectly on the spot. No rambling, no bs, just spot on fax & technical breakdowns. 👍
Closed source, absolutely proprietary
I wouldn’t be surprised if they put Pegasus on the phones before they come out at this point.
Anyone remember the time when an organization had to get involved for an iPhone where they really badly wanted to get the contents but one last failed password attempt would wipe the iPhone's contents? I wonder if anything related to this backdoor could be connected back to that whole thing that ended up being a huge non-story at the end of the day.
That's why I use GrapheneOS on my Google Pixel and you should too
Do you think Google doesn't include hardware backdoors in their pixel phones?
Nice bet
*unless there's a zero day for GrapheneOS we don't know about despite all that open source*
@@kevinm45684 Hello, mr Glowwie 45684
I use a modified Android
@@kevinmiller5467 Still a better bet than the combo of backdoored OS+hardware. Even if the hardware itself is compromised, you have to find an (unintentional) 0 day exploit that escalates you from nothing to hardware level in order to exploit that backdoor anyway. And the GrapheneOS team has shown that they really don't play around and actively assume through each line they write that "if this piece of code were to be exploited, would the danger at least be contained?"
Also it is very difficult nowadays to find hardware that is (provably) not backdoored, or check the integrity of the claimed implementation, which is why even if they open sourced their titan m firmware you still would not be completely sure. This is why bothering with such details goes beyond tinfoil hat territory. I mean if someone else with backdoor access gets a physical hold of your phone you would be screwed but if your threat model is that large and you got in that situation you screwed up somewhere else entirely anyway...
7:25 As someone who was in Russia, saying “avoid American products” is very difficult because the Russian versions were so underwhelming. Matter of fact, Putin has been trying to push Russians to use their version for years. Guess what though. Because of the Russian war, a large adoption of Russian products arose. Although it’s still not the majority because these products are still mediocre.
And in 90% of cases are re-brands made in china from used/bad binned chips. No wonders here, even if they have a tech, there is no way to make modern things, there are no factories capable of making them (even something of 2010`s level of architecture).
I'm not sure about the government jobs, but pretty much everyone here uses WhatsApp, no matter the age. Younger folk (especially females) use Instagram (via VPN) - both belong to Meta.
Thank you for all your videos, of all genres. They’re always appreciated and at least somewhat entertaining. But someone referring to you as Vegan Gains is just about the funniest thing I’ve seen related to your context.
lmao 🤣🤣🤣
Bro is a doppelgänger
imagine using apple products at this point.
Do you really think android is safer?
@@Not_Airrack at this point anything is better than Apple, and the best choice of all is to get off grid, can't hack what isn't digital. When real life comes knocking these hackers won't be safe.
Real Life catches up to everyone
It’s honestly mostly about the convenience of a simple device. I still have an android for work and more heavy duty stuff but an iphone is an easier daily driver for simple tasks.
@@firewhite Apple is not more convenient, its OS is built so that normies can't do anything with it other than what Apple allows....these people must like being in a playpen while everyone else goes outside to the real playground.
saying Apple is an "easier daily driver for simple tasks" is like saying a children's learning computer from playschool is the best choice for people who need an "easier daily driver for simple tasks"
the problem is people refuse to adapt to technology and the companies are taking advantage of said ignorant customers who refuse to move away from a locked system that they don't even truly own, therefore allowing the industry to corner people into thinking that a closed system is better than an open one
it happened to restaurants, it happened to cars, and now it's happening to basic computers and phones....
@@Not_Airrack laughs in GrapheneOS, yes mate it is :P
Death knocking on door meme.
Intel door: 👽 dead
AMD door: 👽 dead
ARM door: knock knock 👽
Bogos binted energy 👽
Well, time for PowerPC to come back
RISC-V pls save us!
Rotten 🥧
If Kaspersky is reporting on this it was the one for the Russian iPhone users at the start of the war, and now they started to use Chinese phones. This comes after the Push Notification server thing for all phones, the US Government and associates is grubbing on these.
The only reason to keep code closed source is because you have something to hide. Either it's embarrassingly bad, or it's malicious. Today, like every day you see closed source products, you have to ask yourself: was this incompetence or malice?
In this case it took so many lucky coincidences and lucky hardware quirks, I think it was malicious.
its always malice, no company in the modern era hides info because of embarrassment to them embarrassments are just good coverage until the majority of people "forget" after 24hours.....these new age people might as well have the memory of a goldfish, if you don't maintain training fish just default back to base needs, like the fools who run a good country into the ground for "the greater good"
Or archaic licensing deals from 30+ years ago that are still in effect.
Or you don't want an open source version to float around?
Lol so I can have anything in your bank account and retirement accounts right? You don’t have anything to hide and you don’t believe in private property rights, so why not send your life savings to me?
@@cat-.- This
I already knew about this about a month ago because Kaspersky sent me a message saying 'update all your ios devices' and linked to the securelist article (securelist is owned by Kaspersky for clarity)
Okay so some things to know, it is actually able to be found on a device. I had a friend go to federal prison recently and my phone started acting up, I got a voice message with this payload ingrained. I actually still have the payload on my computer in a VM for testing. It was an interesting ass process to find, but even more interesting that just based off a friend going to jail a governmental body felt it opened the right to infect close people. I was on iOS 15.6.1 SO UPDATE UPDATE UPDATE!
Use it for root ) Seriously, though, it's scary. I'd have gotten rid of any Apple shit long ago.
Thank you Jason Tatum for this information
I hate the Celtics but I love FOSS
I used to work at T-Mobile around 2020 during lockdown, and a customer brought their iPhone in saying somebody was listening and watching everything he does. They basically had 24/7 screen share and could access root files.
Just the other day there were news saying Apple phones were very secure..
Wondering if this whole thing will hit mainstream news too
When they get messages with links to blogs describing it they will most likely self destruct on arrival without trace.
What a timing.
Just saw their C3 talk about them being targeted by this vulnerability.
Might want to check it out as well.
May I remind you of the Intel Management Engine? Which is a part of every Intel processor. It is suspected to be a hardwired backdoor. Same with AMD CPUs.
It's not a problem of proprietary software. It's a problem of gov't control over software, which you have applauded on this channel.
If you develop a CPU you need to implement some basic "backdoor": you need to scan the CPU for errors in the production plant. Usually there should be fuses to permanently deactivate these debug functions. Some plants used to cut the part of the chip, but it is expensive to cut some silicon off after the final validation. You see many SoCs where the fuses aren't set because somebody forgot at the production phase and they pushed the last known good working development phase out through the door. It's often timelines where some undocumented function or firmware read/write fuses got forgotten, or every device uses the same master key. You need to sell some iPhones with the debug function enabled to development studios.
What kind of development studios need debug function enabled?
Reminds me of the AMD Athlon CPU: you could increase the clock speed with a small line of pencil between two points.
Development studios, what? This isn't a console or something similar; there's no such thing as an iPhone devkit. It's just the combo of Xcode and whatever runs iOS.
Dude, you DON'T just "forget" at multi-BILLION ultra-high-tech production where every step is approved, monitored, checked and re-checked multiple times by different people and machines.
Great video. Commenting to boost visibility.
If you have something to hide your device should be one of those things, if you have a phone full of "based memes" you better make sure they can't trace it back to you, and your phone should be full of only wholesome as heck memes.
So McAfee was right? Who would have thought.
I've been doing what I've been doing long enough to believe that the NSA has almost certainly approached vendors to do this exact thing. The problem with making a backdoor for the three & four letter boys, is that it does so for everyone else. Give it enough time and it will be their backdoor too.
Man, I live in a cave.
Tim Apple 🤣
Loving the folding table setup in the back.
I'm still not upgrading! I've been waiting years on iOS 16.0 for a jailbreak. Let's hope this exploit can be used to jailbreak my phone and then we can patch it ourselves. :)
Man Tim Apple is such a good guy
Actually, in Russia, in special forces, the military and other high-rank government organizations, it has already been prohibited to use iPhones or some Androids for a long time. However, very few people actually follow these guidelines. Part of this is because the alternatives suck.
What baffles me is how slow the blue team is.
This is an old attack. I cannot specify how old due to implications but there are so many more unpatched ones....
I worked for small companies, and I worked for large companies, in software dev. The amount of carelessness, mess, lack of security and lack of self-awareness is so through the roof that it doesn't take a CIA || FSB || NSO || ISIS agent to implement a backdoor by kidnapping the CEO's family. You just wait for the laziness of devs or send your own dev to do the thing. Or just log in to their MySQL with root root and put in some git and cat commands.
Yes ...
It's the same reason for SolarWinds.
These are fully functional registers; this isn't an accidental design flaw like, for example, FPU or branch prediction errors that can be used for exploits.
The biggest back door that is impossible to patch is the human mind; social engineering will always rule.
I trust kaspersky more now…
Qrd on Kaspersky?
Ah, fighting spyware with spyware
Kaspersky always had some of the best malware researchers. Whether to trust them or not, they say they don't have ties with the Russian government, but Apple said the same thing, so...
@@kokojack except Kaspersky is based in Russia
@@nxb00 Exactly my point
None of the vulnerabilities on the page shown had anything to do with Spectre or Meltdown.
iPhone mishaps make me lol. Pay 1 grand to have the glowies in your phone.
Please do an update soon: for 2 days, Tor exit nodes have been going to Virginia (>48 hours) according to several persons.
So basically if the cpu manufacturers have properly designed their products to be secure, none of this could have happened?
It appears that the problem lies in the very root of the tech system.
You're not allowed to produce systems impervious to the NSA; if you do, they will literally kill you.
Hope everything is well with you. Cheers my friend.
Anytime I get shamed for not having an iPhone, I'm going to make them paranoid by telling them this.
Apple Fanboys deserve every ounce of shame for their devotion; but to be honest this exists on every piece of American tech…
@@hsew that's why I don't do anything on this phone.
I give an A+ for the meme thumbnail.
Didn't Tesla also have this issue with the ARM architecture in their cars?
Tesla used custom AMD chips which had a vulnerability with serial (can't remember what exactly).
love to see a tech video every now and then instead of US centric ones
I'd say the ONLY benign explanation is silicon reverse engineering of parts that were meant for debugging. That being said... I'm not naive either...
poking memory at random goes brrrrrrrrr
That thumbnail is a work of art for this situation
If you insert a back door, you must make it look like an accidental vulnerability. This is the real reason C++ is still used so much.
That thumbnail is awesome
The only backdoor needed is the software update system on iOS. All Apple has to do is push a single malicious update to all devices to gain access to them, and none of us would know about it.
Apple wouldn't be able to hide something like that for long.
@@JPS13Laptop if they're gonna do something like brick their devices, yeah, that would be painfully obvious, but something like taking screenshots and recording keyboard input is something that a user wouldn't be able to identify, much less detect using a network packet sniffer, when that data is discreetly sent back using encryption. It's even something that Apple can write off as quality assurance telemetry used for improving the iOS ecosystem, and users would have 0 evidence to prove the contrary since they wouldn't be able to read the data being sent back.
Keyboard inputs are already sent back for text prediction, the photos you take that automatically get uploaded to iCloud are reviewed by Apple for regulatory compliance, and your text messages are processed through Apple servers. Breaking end-to-end encryption is straightforward for Apple and only requires a couple of code changes to grant themselves access and no one else. No one would even notice since iMessage's source code isn't visible to the public.
@@brandonn.1275 There is always a way to read the data coming out of a device. Even the encrypted stuff.
"But we didn't do it on purpose! It was just a vulnerability, we took immediate steps to resolve the issue blah blah"
@@georgek4416 and it can last only one update cycle, at which point they switch it out, and by the time someone figures out it was a breach it will have been "patched" for a very long time.
Ohh!! Is it time?! For The Fappening 2: Backdoor Boogaloo?
To answer the "how did the researchers find these undocumented registers?" thing: after watching enough talks on exploiting hardware like this (notably people like Christopher Domas), I can guarantee you it just kinda happened by accident by fuzzing the CPU; they noticed the system crash after hitting one of the undocumented registers, and then just trial and error until they figured out what it wants. It's happened several times before.
Your glowie thumbnails are always on point!
I remember back around 2016 when the FBI breaching an iPhone was a huge deal.
Very interesting and certainly quite the take on this situation.