iPhones are once again a valid theft target, at least for 5+ years while these vulnerable devices are still the norm (and for even longer in non-US countries; I've heard that carriers in India still sell the 6s and 7).
The 8 and 8+ are still available on Apple.com, I wonder if we'll see a hardware revision or if they'll prematurely take it off the store.
This is often overlooked in discussions about iOS exploits. Although 64-bit exploits get the limelight for obvious reasons such as the possibility of being valid for the current series of Apple devices, older 32-bit devices still being used in non-US countries shouldn't be discounted.
Apple devices often cost much more than in the US in some of these countries; the difference was even much higher several years back when Apple didn't have dedicated stores in these countries.
Case in point: iPhone 5C was supposedly discounted ($550) when compared to iPhone 5S at the time of launch in the US. In India, it was around ~$700 at minimum. To put that in perspective, that was the cost of a decent motorcycle in India which a family can use for at least 20-30 years.
iPhone 5C can still perform basic smartphone tasks with ease, although it could be very vulnerable to exploits even for basic browsing[1]. But an average consumer in India doesn't care much about the updates when their phone gets basic tasks done.
Related to this, Apple just began production of iPhone 6s in India, allowing them to sell them for cheaper in India than units they would usually import from China. That’s 2015’s flagship iPhone being produced brand new. So don’t expect older iPhones to go away anytime soon, especially if India is within your target market.
Even in first-world countries this is an issue. My employer continues to support iOS 9 in their app because the balance of the cost of continuing to support it versus the cost of losing those customers on an iPhone 4s or iPad 2 is justified. Even if we bump it up, it probably won’t surpass iOS 12 (to continue supporting the iPhone 5s and 6) for several years.
I wonder if this means they’ll continue supporting the 6s for longer than other phones, like the 5s which enjoyed 6 years and 6 major iOS releases of support. It feels irresponsible to know there are still millions of instances of a smartphone in active use around the world, that stopped getting security patches. When Apple released GPS fixes for older phones, as well as new updates for the old thin Apple TVs with UI that still looks like iOS 6, and recent iTunes Windows updates (which bundle WebKit and other Apple core frameworks), they didn’t backport any patches for vulnerabilities that are well-known in these older releases. The cost/benefit almost definitely doesn’t add up favorably when their business primarily relies on hardware profit margins, I know, but it still seems like a responsible thing to do.
> Related to this, Apple just began production of iPhone 6s in India
So Apple is knowingly selling a device with a publicly known hardware vulnerability. Apple is very much aware of the vulnerability because them fixing it is what caused the vulnerability to become exploited.
Parts are less valuable compared to the cost of iPhones in the second-hand market. IIRC, logic boards can lose a lot of their value when they're locked with an Apple ID.
Other than dual-booting Android on the iPhone, I fail to see any other credibly useful reason to run the Linux kernel or some Linux distro on an iDevice.
IMHO the hardware is quite capable. Meaning that it would be a very convenient headless server with its own UPS.
Similarly to how custom ROMs for Android breathe new life into non-supported devices, I believe running Linux on an old iDevice would be a simple way to get perfectly good hardware doing something again.
As someone who doesn’t really know much about this, I wonder, would it be possible for iOS to understand (not prevent or fix) that this exploit has occurred and if so what benefits would there be to know?
I'm not sure what point you're making; secure designs do not equal no bugs. And even though this exploit is basically at the lowest level possible, it still is, on its own, not sufficient for a persistent jailbreak, apparently, which to me is pretty impressive from a defense-in-depth standpoint.
If you are waiting for devices completely free of any security bugs in the software and hardware, well, I hope you plan on living exceptionally long.
To add to that, we're also talking about an unusually long time for any system to stay unhacked. 9 years since Geohot's last bootrom exploit. And the user's data is still safe on any phone with the Secure Enclave and Touch ID (last 6 years) even when this exploit is used. At least until a better exploit is found.
I'd say that this qualifies it as "secure by design" for anybody who understands what this is about.
Those Chromebook ads annoy me. They say something like "the laptop with built-in antivirus", in such a way as to imply that's somehow unique - it isn't.
No, parent just confuses "design" with "implementation", and asserts that "secure by design" (even if taken as more than a marketing slogan) implies 0 bugs. The logic is flawed, the conclusion is wrong, and the presentation is needlessly aggressive. Their comment history just confirms this.