Non-quantitative security arguments are nonsense and really need to stop.
"Consider the iPhone. The hardware, operating system, and applications were designed with everything a security professional loves in mind. Even so, modern systems are too large and too complex to be bullet-proof."
That statement, and many others like it in the article, leads you to believe that the systems are good, but provides no actionable information other than a hedge saying that the system is imperfect. How imperfect is it? What is a viable threat? What quantitative effect do the mitigations have? Without this type of information it is just parroting content-free marketing speak.
Here is actionable information. Bug bounties correlate strongly to the cost of discovery for a class of attack. Therefore, Apple thinks it takes less than $1M to create a remote no-install zero-click kernel arbitrary code execution [1]. If you need one click, then $250K. If you need an install, then $150K. Given the nature of software, after such an attack is discovered it can be deployed in bulk with minimal extra effort, so you really need to divide the cost over the number of targets that can feasibly be attacked to evaluate the "marginal cost per attack". How widely you think a remote no-install zero-click attack can be distributed will tell you what that number is.
To provide an example of such an attack here is a post-mortem done by Google Project Zero of 5 exploit chains being exploited for 2.5 years before discovery [2]. They mention that the sites received thousands of visitors per week, so a conservative estimate would be 130k visitors/5 exploits for an average of 26k targets per exploit. Assuming this falls under the first category of attack, that means the marginal cost to fully compromise an iPhone is ~$40.
So, the total effect of every mitigation they do is raising the cost of exploiting to $40/iPhone which is not secure by any objective metric.
[1] https://developer.apple.com/security-bounty/
[2] https://googleprojectzero.blogspot.com/2019/08/a-very-deep-d...