> a way to do this on iPhones
A quick search suggests Lockdown mode might do it, which is corroborated by their support docs. It also does a bunch of other things that will probably degrade most users' experience, for what it's worth. https://support.apple.com/en-us/105120
> Wireless connectivity: Your device won't automatically join non-secure Wi-Fi networks and will disconnect from a non-secure Wi-Fi network when you turn on Lockdown Mode. 2G and 3G cellular support is turned off for iPhone and iPad.
(Instructions to enable it are on the linked page.)
Thanks!
But also WTF Apple... I appreciate that this mode exists but each of those things should be allowed to be toggled independently. People need more fine grained experience.
For things that I think will affect people more than the wireless connectivity
I swear... Apple really does not want to make privacy and security convenient for users. It's as if (...) they want to provide the tools to say they have the best security but then make the UX so poor that no one will end up using them (and then they can justify not developing more because "nobody uses them")Security engineer here. Bundling these together actually makes sense.
- Message attachments are blocked because Apple has not figured out to serialize and deserialize attachments without buffer overflows. Look at how many zero days are due to message attachments. It's pretty clownish tbh.
- FaceTime is blocked because Apple has not figured out how to prevent an incoming FaceTime call from silently spying on you, which has already happened a couple times.
Government interception of your cell connection falls into a similar category of threat, so it's bundled together.
> FaceTime is blocked because Apple has not figured out how to prevent an incoming FaceTime call from silently spying on you, which has already happened a couple times.
There's also the codec problem. Apple doesn't trust itself to write secure codecs for message attachments, realtime codecs are at least as suspect. Codecs are tricky, and many vendors mess them up, so I'm not picking on Apple.
I'm sorry, but you didn't make a case for bundling together and why finer grain control is would not make sense.
I have no doubt that the problems you guys solve are incredibly complex. There is no question about that.
But does bundling really make sense? I'm not sure why being subject to a 2G downgrade attack is relevant to my threat model including message attachments or FaceTime.
For example, going to a concert, protest, or any large gathering greatly increases my chance of being subject to a 2G downgrade attack but I'm unconvinced it increases my chances of multimedia or FaceTime based attacks.
These fall together in an high enough level but doesn't all security issues? A step down in abstraction and I don't think these are linked.
But you're the expert here. I'll trust you over me, but would like to better understand what I'm missing. This is Hacker News. We can expect everyone here to be familiar with programming and basic security here. So get technical with me
Also security engineer here. You're thinking too small and in the wrong direction. You're not protecting against 2G downgrade attacks, you're protecting against an attacker who has a whole library of things to try on you to see what works.
Lockdown mode is intended to protect against sophisticated actors, the kind who will buy 0days for six or seven figures, roll it into a new version of their product and sell it to governments.
Lockdown mode blocks the riskiest parts of the platform. For example, iMessage no longer automatically unfurls links, because anyone can send you a message and potentially send an exploit that your phone happily triggers without you doing anything.
You don't get to pick a la carte because Apple wants the feature to be effective and simple to enable.
[dead]
> People need more fine grained experience.
That's pretty much against the Apple ethos, you're supposed to either use the things like everyone else does, or find something else. I guess that's the great and bad part about Apple. Signed, iPhone user.
There is also a 5G standalone option that forces everything on to 5g
That would appear to cut 4G too though which is not great