I understand what Project Zero does. But why do they take it upon themselves to talk to the press about a vulnerability in a competitor's product, six months after the fact? Mind you, this vuln was discovered in February, and patched a week after it was discovered. My answer: because their employer has suffered a double-whammy of bad press over the past few weeks, taking a second hit just a few days ago.
Is Google secretly, quietly hoping for that to happen by releasing these exploits publicly on the day the launch date of the iPhone 11 was confirmed? I suppose it’s possible, but it’s hard to argue that Google’s behavior has been anything other than a model here. Google’s Project Zero team, which identified the exploit chains, gave Apple six months’ advance notice about the vulnerabilities before releasing any information to the public, and then provided full, detailed descriptions of the vulnerabilities and malware. And Beer is very measured in his criticism in the announcement post on the Project Zero blog—he acknowledges that all devices are vulnerable without calling out Apple specifically. He writes:
Real users make risk decisions based on the public perception of the security of these devices. The reality remains that security protections will never eliminate the risk of attack if you’re being targeted. … All that users can do is be conscious of the fact that mass exploitation still exists and behave accordingly; treating their mobile devices as both integral to their modern lives, yet also as devices which when compromised, can upload their every action into a database to potentially be used against them.

If anything, his goal seems to be merely leveling the playing field a little bit by pushing back on the public perception of iPhones as being far more secure than other mobile devices. And if Apple and Google decided to compete on security by trying to see which company could find the most serious vulnerabilities in the other’s mobile operating system, well, that would be a pretty great outcome for all of us.
What You Need to Know About the iPhone Malware News
So maybe it doesn’t actually cost $1 million to get into your iPhone—what do we do now?
slate.com