Paradigm Shift’s usbliter8 exploit targets Apple A12 and A13 SecureROM via USB DFU mode, creating an unpatchable hardware risk.
Hooray more jailbreaks!
Seems like exactly the kind of exploit that could be used in a jailbreak process. Curious to see what else gets done with it
This requires physical access. I don’t get it, why is this bad?
Someone with physical access can already pull out the disk, clone it, and put in a different disk that boots to an identical looking login, but which actually relays the password back to the attacker.
What more would this exploit allow an attcker with phsycal access that they wouldn’t already have before this exploit?
Disk? This is iPads and iPhones shits soldered on there typically right next to or inside the SOC
People store a lot of sensitive information on their phones and iPhones are big targets for phone theft. Physical access is quite easy once the device is snatched from the owner’s hands.
An attack via USB is much sneakier to pull off (no device surgery required) and more difficult to combat as an org. You essentially have to epoxy the ports shut or remove them physically and force your employees to charge their phones and tablets wirelessly. Not an unusual thing to do - I first saw this decades ago with PCs and laptops - but still.
Fun fact: With laptops commonly using USB ports for charging these days, higher-end business-oriented ones tend retain the old barrel plug so that they can still be used with USB ports being rendered inoperable.
Slightly off-topic: One of my last employers used software (I think it was a built-in utility of HP business computers) to disable USB ports on laptops instead, primarily to stop people from using insecure USB drives (only people working on really sensitive stuff had the ports epoxied). There was an internal file sharing service that was meant to be used in place of tiny drives you can accidentally lose, but it worked exceptionally poorly. They forgot that you can still transfer files via Bluetooth to virtually any other Bluetooth device that has storage, which is what I resorted to. It’s slow, but reliable, works with anything (even old dumb phones) and is of course not as stupid as using a commercial cloud service, which is what some of my colleagues did.
I think a lot of companies use EDR to software disable USB ports. But I wouldn’t recommend it.
🎻
Oh no not Apple’s highly profitable walled garden!
Jailbreakme! Please.
I think people already install Linux on those arm macbooks, no?
Holy shit you do know how to use the title field when creating a post! Good job
What the hell are you talking about? I’ve checked OP’s post history and everything has proper titles. Checked your comment history and the last post they made that you brought this up on likewise has an accurate title, and I’m not seeing any evidence that it was edited after posting.
Most of all, why waste time complaining about it? Just block and move on with your life.
(content in post) is not a title. Funny how they changed their posts after I said something lol
I’ve legitimately never seen this user post with that as the title, and I’m not seeing evidence they changed it.
Take screenshots next time or block them, because you look like a nutter.
Cool story.
https://piefed.social/c/[email protected]/p/2191835/content-in-post-body
https://piefed.social/c/[email protected]/p/2191066/content-in-post-body
https://piefed.social/c/[email protected]/p/2189425/content-in-post-body.
I could go on, but really all you need to do is look.
Except all of those have titles outside Piefed buddy. Check the original instance directly, or from any Lemmy instance.
It looks like this is an issue with Piefed not properly getting post titles from other instances, so maybe next time you can stop being an aggressive asshole.






