This post is a thing of beauty. The details of how this works are amazing.
Amazing. Did they need to jailbreak or physically open the phone to find all this stuff? They talk about reversing binary images and using their "Legilimency" toolkit; I wonder if a vanilla phone was enough to research all this and propagate through Wi-Fi.
Why did Apple make it harder to turn off the WiFi radio in iOS 11?
This is an incredible combination of both reverse engineering skill and communication ability. So good!
These guys are amazing. Excellent level of detail.
Skimming through this makes me feel even more comfortable using my iPhone ... look how smart you need to be to exploit it!
Wonder if something like this was used to get into the San Bernardino shooter's phone by the FBI.
When will Apple dump Broadcom?
What is the story with Project Zero? What is the strategy here?
If you think about it, pointing out flaws in competitors' products is actually unusual for businesses, especially large ones. It raises questions of motives, of trust (are they drumming up business in a negative way? Can I trust what company X says about their chief rival? Are they exaggerating or spinning it?), and it looks unsavory: You don't win in the court of public opinion by insulting the competition, right or wrong; you just look like a jerk. Also, there's a liability risk, which adds legal costs to otherwise free blog posts - 'can't you guys just find Linux bugs?'.
On the other hand, it might improve security for everyone if Apple and Google started competing to publicize each other's flaws. :) (But I'd bet the noise of accusations and counter-accusations of errors in analysis, misleading statements, etc. would soon drown out the technical info, and then the lawsuits would begin ...).
I'd love to know how many hours were needed to develop this exploit from start to finish, and how many dead ends the researcher ran into along the way.
Just writing the blog post and generating all the images for it must've taken many days.