Warning: Some posts on this platform may contain adult material intended for mature audiences only. Viewer discretion is advised. By clicking ‘Continue’, you confirm that you are 18 years or older and consent to viewing explicit content.
We need to have a serious chat about iPhone repairability. We judged the phones of yesteryear by how easy they were to take apart—screws, glues, how hard it was…
To exfiltrate the login password from a keylogger on a macbook, for example, you need to have some software running on the cpu as well as the keyboard itself. This makes it very difficult to do in reality, as you have to infect both devices and if you do not have physical access, your exploit needs to be done across the keyboard interface, which makes it very hard to do in practice. Swapping any random keyboard in that could potentially be malicious introduces two issues, as now the keyboard itself may have a keylogger, as well as opening the possibility of exploiting some vulnerability in the cpu from the keyboard itself. You therefore open two attack surfaces that were previously closed, which is highly significant.
If you think keyloggers require software running on your physical keyboards you’re in for a rude awakening.
Keyloggers are almost always at a pure software level and are conceptually simple to make. So simple that in fact, it’s the same thing as running a regular application with background shortcuts. The only thing that is different is that regular apps aren’t saving/recording anything, they’re just listening for you to press cmd+whatever.
It takes maybe ~10-15 minutes to make a keylogger in Python that could run on any computer, mac, windows, or Linux. Maybe a little longer if you wanted to use a compiled language and properly hide it.
I think we’re on the same page? If an attacker wanted a keylogger they wouldn’t even need to go as far as a screen, there are plenty of other ways (like a 3rd party keyboard app) that would work just as well, if not better, on an iPhone.
Hell, while we’re at it, using a phishing email to get you to enter a password in a fake site or using social engineering to reset your passwords is way more effective than reverse engineering and modding a camera/screen.
There’s no reason why Apple should get to keep exclusive rights on repairs just to profit more on parts. 3rd party screens, cameras, face id modules, etc. aren’t going to suddenly make your phone less secure.
To exfiltrate the login password from a keylogger on a macbook, for example, you need to have some software running on the cpu as well as the keyboard itself. This makes it very difficult to do in reality, as you have to infect both devices and if you do not have physical access, your exploit needs to be done across the keyboard interface, which makes it very hard to do in practice. Swapping any random keyboard in that could potentially be malicious introduces two issues, as now the keyboard itself may have a keylogger, as well as opening the possibility of exploiting some vulnerability in the cpu from the keyboard itself. You therefore open two attack surfaces that were previously closed, which is highly significant.
If you think keyloggers require software running on your physical keyboards you’re in for a rude awakening.
Keyloggers are almost always at a pure software level and are conceptually simple to make. So simple that in fact, it’s the same thing as running a regular application with background shortcuts. The only thing that is different is that regular apps aren’t saving/recording anything, they’re just listening for you to press cmd+whatever.
It takes maybe ~10-15 minutes to make a keylogger in Python that could run on any computer, mac, windows, or Linux. Maybe a little longer if you wanted to use a compiled language and properly hide it.
Sorry to burst your bubble.
And what does that have to do with the risk of a screen repair?
I can also install a key logger on Linux and I can also freely change the SSD to anything I buy on the internet.
And yet somehow people still use computers!? Madness.
I think we’re on the same page? If an attacker wanted a keylogger they wouldn’t even need to go as far as a screen, there are plenty of other ways (like a 3rd party keyboard app) that would work just as well, if not better, on an iPhone.
Hell, while we’re at it, using a phishing email to get you to enter a password in a fake site or using social engineering to reset your passwords is way more effective than reverse engineering and modding a camera/screen.
There’s no reason why Apple should get to keep exclusive rights on repairs just to profit more on parts. 3rd party screens, cameras, face id modules, etc. aren’t going to suddenly make your phone less secure.
Ok, agreed we are on the same page! My misunderstanding.
(I thought you were defending the idea a keylogger is a risk not worth taking with a screen replacement, somehow.)