7 comments

[ 3.1 ms ] story [ 30.6 ms ] thread
So the jailer is selling keys...
No it's even worse it's just a 12 month loan.

https://security.apple.com/research-device/

How is that worse? Are you suggesting apple should be selling or charging for them?
You should be able to unlock the boot rom on hardware you own.

Apple here does not even want to sell a device that would allow you have full ownership.

They will only lease a device with quite a few restrictions if you look at the terms. Moreover only if your “security researcher” it’s freaking insane.

In a sane world this program would not even be needed since if apple did not interfere you could unlock the boot rom yourself

Again, they do not "lease" you a device. You do not pay for the security research device, you just demonstrate that you are a legitimate security researcher (e.g. you don't just want a less secure phone because your personal belief about what makes hardware good or bad), and if you are using the device for said research you tell them about issues you find.

The fact that you personally believe the trade off between security and "freedom" favors your definition of freedom doesn't make it inherently wrong that a manufacturer targets people who want a different definition of "freedom" (specifically the freedom you get on iOS where you know that if you're installing something it can't see any of your data from other apps, no existing app can see you've installed it, and if you don't want it you can remove it and know it can't have left anything behind). The fact that there are articles about malware on iOS, and there aren't the same about iOS tells you that there is a difference in outcomes of these models, and it's fairly anti-freedom to say that anyone who disagrees with your preferred trade offs shouldn't have that option.

The link I posted clearly states it's a loan/lease. Sure apple does not charge for it. It's still has terms though.

As for thinking not locking bootrom takes choices away that is false. Apple could ship the device without the eFuses being blown yet. Then give you choice to blow those to permanently/irreversible lock the device down to only software signed by Apple or some set of keys of your choice. These loaned security devices are just that these eFuses have not been blown yet and some additional software to get started poking around a little easier, but that software is not necessary in the general case.

Anyways I will just repost this and I also recommend reading the linked legal article:

Also you should be able run unsigned code on hardware you own if you want. One tenant of property ownership is the right of exclusion. Normally you would be able to choose what software to run or not run, but in this instance apple also has a say and they can say nope not that.

Here is the rub, normally when you sell something all rights are transferred, by the sale. If you wished to reserve rights it generally would require a contract/lease ect... However, apple here is using cryptography to effectively reserve the right of exclusion regarding what software can and can not run on that ARM core. The problem is you can go right now buy a iPhone and without even opening the box and agreeing to anything Apple has effectively already kept that right from you. Let me explain.

Let's say you did not want to use any of Apples software and install Linux on your phone. Apple still has the keys to the boot-ROM. The hardware will not boot any code not signed by apple. Here's the rub apple sold you the device which should have transferred all rights of that device. However, even after that sale Apple is maintaining the right to exclude software from executing on hardware they no longer own. This should be illegal, but they get away with some how probably because most people don't understand fully what's going on here.

In essence, Apple is encroaching upon individuals' personal property rights, particularly the right of exclusion. By employing cryptography post-sale, Apple effectively reserves the right to control what software can run on a device they no longer officially own.

For a more in-depth exploration of the right of exclusion, I highly recommend reading the paper titled "Property and the Right to Exclude" [https://core.ac.uk/download/pdf/33139498.pdf]

in particular the section "A. The Logical Primacy of the Right to Exclude"

There is no cash cost to the device.

If you're accepted to the program, the deal is you agree to report any vulnerability found to Apple first in exchange for 12 month access to a research device and automatic consideration for the bug bounty program.