Security engineer here. Bundling these together actually makes sense.
- Message attachments are blocked because Apple has not figured out how to serialize and deserialize attachments without buffer overflows. Look at how many zero days are due to message attachments. It's pretty clownish tbh.
- FaceTime is blocked because Apple has not figured out how to prevent an incoming FaceTime call from silently spying on you, which has already happened a couple times.
Government interception of your cell connection falls into a similar category of threat, so it's bundled together.
> FaceTime is blocked because Apple has not figured out how to prevent an incoming FaceTime call from silently spying on you, which has already happened a couple times.
There's also the codec problem. Apple doesn't trust itself to write secure codecs for message attachments; realtime codecs are at least as suspect. Codecs are tricky, and many vendors mess them up, so I'm not picking on Apple.
I'm sorry, but you didn't make a case for bundling together and why finer-grained control would not make sense.
I have no doubt that the problems you guys solve are incredibly complex. There is no question about that.
But does bundling really make sense? I'm not sure why being subject to a 2G downgrade attack is relevant to my threat model including message attachments or FaceTime.
For example, going to a concert, protest, or any large gathering greatly increases my chance of being subject to a 2G downgrade attack but I'm unconvinced it increases my chances of multimedia or FaceTime based attacks.
These fall together at a high enough level, but don't all security issues? A step down in abstraction and I don't think these are linked.
But you're the expert here. I'll trust you over me, but would like to better understand what I'm missing. This is Hacker News. We can expect everyone here to be familiar with programming and basic security here. So get technical with me.
Also security engineer here. You're thinking too small and in the wrong direction. You're not protecting against 2G downgrade attacks, you're protecting against an attacker who has a whole library of things to try on you to see what works.
Lockdown mode is intended to protect against sophisticated actors, the kind who will buy 0days for six or seven figures, roll it into a new version of their product and sell it to governments.
Lockdown mode blocks the riskiest parts of the platform. For example, iMessage no longer automatically unfurls links, because anyone can send you a message and potentially send an exploit that your phone happily triggers without you doing anything.
You don't get to pick a la carte because Apple wants the feature to be effective and simple to enable.