Well not really an Apple store, but a reseller featuring only Apple products. Other than the legal difference (not a shop run by Apple) there is probably nothing really different. For simplicity I\u2019ll just go with \u201cApple store\u201d from now on.
In my effort of improving computer security and moving out of my comfort zone I thought it would be nice to learn a bit about the overpriced bitten windfall fruit technology. So I went to the store with a friendly smile and told the guy what was my goal: Improving my computer security and learn about Apple by asking an expert in a shop dedicated to selling Apple products. I\u2019m even ready for getting a Mac Mini if the price is okay. But visiting the Apple shop turned out to be a fiasco:
<\/p>\n\n\n\n\n\n\n\n
He said he can\u2019t compare anything to Windows or Linux as he only uses Apple products, just his POS terminal run Windows.\u200bWTF? How are you going to explain anything to anyone who is ready to switch to your systems if you know nothing about other operating systems? Never mind. If he is at least an expert in Apple products I can it compare myself.\u200b
<\/p>\n\n\n\n
Guy: \u201cWhat do you mean?\u201d\u200b<\/p>\n\n\n\n
Sinchen \u201cLimit the impact of a security breach on a part of my system in a controlled way.\u201d\u200b<\/p>\n\n\n\n
Guy: \u201cApple is very secure. You have to actively download malware for an infection.\u201d\u200b<\/p>\n\n\n\n
Well, it is definitely a false claim and I told him zero click attacks on Apple systems exist (forgot to mention Pegasus as an example targeting iPhones).\u200b<\/p>\n\n\n\n
Not knowing what to answer he said there was no compartmentalization (which is wrong by the way, there is<\/strong> a kind of sandboxing on MacOS \u2013 even I know that, but no details) and the whole system would be compromised if that actually happens\u2026 but\u2026 \u201cApple is so secure that never happens! Windows an Android infections spread in minutes across the globe\u2026 not so with Apple. We have a strong Antivirus-Firewall!<\/strong>\u201d\u200b<\/p>\n\n\n\n It was like talking to a living advertising brochure uttering buzzwords. My bullshit-o-meter said “Overload!” and was about to explode. I stayed friendly and tactfully replied:\u200b<\/p>\n\n\n\n \u201cThat doesn\u2019t sound very technical.\u201d (In my clich\u00e9 German bluntness I was about to yell that he had zero knowledge of information technology and security\u2026 and was completely failing on his job. But I stayed calm.)\u200b<\/p>\n\n\n\n \u201cYou can stop hackers with a strong encryption password!\u201d he added out of nowhere.\u200b<\/p>\n\n\n\n “What would encryption do on a system in use? The key is loaded, data is active and not at rest. Malware has access to the plaintext.\u201d\u200b<\/p>\n\n\n\n \u201cYes, if you actively download a trojan horse it can extract the data. But hackers from outside can\u2019t, because it is encrypted.\u201d\u200b \u201cCan the iPhone make secure use of biometrics? That is GrapheneOS.\u201d, I asked.\u200b<\/p>\n\n\n\n \u201cWhat? Never heard of this!\u201d he answered.\u200b<\/p>\n\n\n\n \u201cFingerprint unlock alone is insecure because it can be forced.\u201d\u200b<\/p>\n\n\n\n \u201cThat\u2019s why we (Apple) have given up fingerprint long ago and uses Face ID. Fingerprint can be spoofed, Face ID is secure.\u201d\u200b<\/p>\n\n\n\n \u201cNo matter if Face ID is beyond any spoof attempts, it can also be forced. If I press my finger here it doesn\u2019t unlock but asks for a short 2FA PIN additionally.\u201d\u200b<\/p>\n\n\n\n \u201cYou can turn off Face ID and use PIN only.\u201d\u200b<\/p>\n\n\n\n \u201cMy password is very long. I can\u2019t just type that everywhere and under video surveillance.\u201d\u200b<\/p>\n\n\n\n \u201cNo, iPhone can\u2019t do such a thing. You are the only one asking such questions! Nobody taught us that at the Apple training courses!<\/strong>\u201d\u200b<\/p>\n\n\n\n Finally I unlocked my phone with 2FA and made a short shaking motion (forces primary unlock getting rid of biometrics) to show it in action. He looked even more confused.\u200b\u200b \u201cI reboot my iPhone every few days manually. It tends to crash otherwise.\u201d\u200b<\/p>\n\n\n\n WTF? He admits these overpriced thing crashes when not rebooted frequently (I highly doubt that iPhones regularlyA sponsored post on front page.<\/p>\n\n\n\n Well not really an Apple store, but a reseller featuring only Apple products. Other than the legal difference (not a shop run by Apple) there is probably nothing really different. For simplicity I\u2019ll just go with \u201cApple store\u201d from now on.In my effort of improving computer security and moving out of my comfort zone I […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-28","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/kleinessinchen.feralnetworks.com\/index.php?rest_route=\/wp\/v2\/posts\/28","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kleinessinchen.feralnetworks.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kleinessinchen.feralnetworks.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kleinessinchen.feralnetworks.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kleinessinchen.feralnetworks.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=28"}],"version-history":[{"count":3,"href":"https:\/\/kleinessinchen.feralnetworks.com\/index.php?rest_route=\/wp\/v2\/posts\/28\/revisions"}],"predecessor-version":[{"id":35,"href":"https:\/\/kleinessinchen.feralnetworks.com\/index.php?rest_route=\/wp\/v2\/posts\/28\/revisions\/35"}],"wp:attachment":[{"href":"https:\/\/kleinessinchen.feralnetworks.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=28"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kleinessinchen.feralnetworks.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=28"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kleinessinchen.feralnetworks.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=28"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
I gave up at this point. If the system is active, my data loaded an an attacker gets arbitrary code execution (ACE) it doesn\u2019t matter if the entry point is a trojan horse (Pebkac \u2013 Problem exists between keyboard and chair) or somebody decided to burn up a multimillion $$$ exploit chain on me to use zero click for gaining ACE. I both cases my computer and my data is f\u2026ed! So much for my interest in MacOS in the form of a Mac Mini.
Omitting the questions about attack surface reduction I took out my Google Pixel 8a with GrapheneOS. Biometrics alone are insecure even if implemented correctly: They can be forced by attackers (criminals, police, malignant partner while asleep\u2026)
<\/p>\n\n\n\n<\/a>Question 3: Any way of secure Biometrics usage?<\/strong>\u200b<\/a><\/h4>\n\n\n\n
Sadly he even failed having any answer to the following, which was part of main stream media. He obviously knows nothing about the inner workings of the products he is supposed to sell. He doesn\u2019t follow any (news) sites dedicated to Apple products.
<\/p>\n\n\n\n<\/a>Question 4: How does the automatic reboot on iPhones work?<\/strong>\u200b<\/a><\/h4>\n\n\n\n
Sinchen: \u201cOkay then. I thought I could get some technical insights here. Was wrong.\u201d
Guy: \u201cMaybe my colleague responsible for business sales knows more. He can add Sophos to the security.<\/strong>\u201d
<\/p>\n\n\n\n
I had prepared some more questions, but at this point I gave up. Premium prices, no competent staff. I had no ill intent when asking these questions.
The insane amount of incompetence presented in a shop selling only expensive luxury goods caught me off-guard and struck me like a blow with a sledge hammer.<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"