Even though it’s best to trash the device, the same thing would happen with the next device. User would like to go ahead with it anyway for purposes of learning and semblance of defense.
iPhone SE 2 likely/possibly hacked by advanced malware. Physical access lost 2x.
Nation state threat.
Would like to factory reset (maybe DFU, but have no trusted machine) and update to 26.
What’s the best approach? Reset first, then update? Etc.
Phone is in Lockdown Mode with user not logged in except when downloading new apps. Can update apps without being logged in. There is an eSIM.
User has Linux machines (no Macs). Has no physical security for machines or cable or secure dwelling which is routinely entered.
I think for iPhones specifically the preferred way to wipe would be to DFU the device and use another device to restore.
Otherwise, you are stuck with the reset directly from the device in settings.
Since the first option is a no-go, then I guess the second option is the only one you can do, though the assumption should be that the device could still be compromised.
That being said, shredding the current device is still the best option, and getting a new one for 100% confidence that the malware simply isn’t present anymore is best.
If you really are a nation state threat, there is very little you can do. I have been dealing with it for the last 8 years, spent tons of money on devices, identities, hardening. You name it, I have done it.
I live in Western Europe, the HQ of surveillance state, ISPs can’t be trusted, secure DNS, VPN, iPhone and macOS in Lockdown Mode offers practically zero security.
Best bet would be to score retro grade hardware and build from scratch. Like for real from scratch. Clean room, no shared power, NO NETWORKING! And mark every device used as tainted.
I must say, either the circle I am in ALL are in the same boat, or computing is dead. I have checked devices from relatively unknown people and they too have a pretty fucked up system.
If you do find a solution, I am very interested in your solution…
I gave up on it, I don’t give in, I don’t compute things anymore. Taxes? Not my problem. Government stuff? Same…..
Job? If I can’t get one over the phone or physical contact, that’s really not my concern. I have money, but if it runs dry, I have options left that will damage them more than the psychological damage they caused me.
Anywhere that has an up-to-date Mac or Apple devices software. Doesn’t matter if you update it or not, you’re wiping the firmware. I will say, if they found a way to bypass secure boot then I don’t think flashing firmware from a less secure machine is going to fix that. You can probably just Erase All Content and Settings just fine and not worry about it.
The thing protecting you in all scenarios is going to be the hardware root of trust baked into the phone’s hardware, if that’s bypassed then there’s basically nothing to be done. Doesn’t really matter which option you pick although I’d imagine an updated machine makes it more likely to succeed.
No, there’s no way to test, and no, it’s not easy unless there’s a known vulnerability. As far as I know the last one was checkm8 but I don’t think any iPhone that supports iOS 26 is still vulnerable to that.
If the iPhone is used as a USB hotspot for a Linux laptop and other devices via Wi-Fi, it requires ‘trusting’ the laptop and gives access to photos, etc. What kind of risks does this introduce if the laptop is likely compromised?
Would Wi-Fi hotspot use be less risky?
I meant, is it fairly easy/trivial for a nation state to bypass secure boot? A variety of different Pegasus-style malware and advanced attacks combined with physical access and video surveillance (where someone could possibly see the password) are used here. Device was unattended 2x for a total of about 30 min.
There are so many possibilities for intrusion, I have purchased a brand new device, turned it on, followed the steps, and immediately it was clear it was altered. And on a UEFI machine you can see the settings and “harden” them, but if they come prebaked with manipulated chains of trust, weird certificates that read as if they are being batched according to some script, empty fields where reputable companies would fill those accordingly. Security features turned off by default or the fact that the first user creation is ALWAYS an admin. Combined with the total chaos in NPM / PIP / JS delivery and layers upon layers upon layers of “obsolete” unmaintained libraries that serve only the APT / Surveillance State. I am quite surprised that the entire system has not crashed ‘yet’.
Even if you’d manage to extract the contents from the EEPROM/flash/SPI NOR flash or the instructions inside the first sectors of NVMe disks and somehow replace it with “clean bits” the chances of the device getting pulled back in the Oracle’s web of mass surveillance through virtualization are likely to occur almost immediately.
It’s not easy to test. And for end users it’s hard to bypass secure boot, but for those who have unlimited resources and hold all the keys, it’s moot. Thanks to the system on a chip that allows 24/7 access to the bare metal device without the device being on, or having fortified the cold boot process with several passwords and configured it so that it becomes unusable for it to be functional.
On Mac devices it is hardened due to the OS being BSD with limited root access. But the enclave has its identifiers, so even if you can wipe the device properly, it pulls in just a new image but the backdoor remains open since it has been proven that the Secure Enclave is designed to prevent hackers, not Surveillance systems. You must ask yourself: have I been hacked? Seems so. Is it a ransomware or crypto miner? And for me the biggest giveaway was that after 2 years in, they did not steal a single thing from me. But the trust is gone, things like going online feel like visiting an abandoned once thriving place. Decades old content, very few users, I can’t use Stack Exchange unless someone posts a link to a thread that offers genuine advice. Every community appears abandoned with just a handful of topics and mostly no discussion going on.