• BearOfaTime@lemm.ee
    link
    fedilink
    English
    arrow-up
    64
    arrow-down
    2
    ·
    1 year ago

    Wow.

    I think it would help to summarize the major issue with iMessage and have it at the top.

    The RSA encrypting the AES with the message content is so face-palmingly bad that you really don’t need to read any further, and thd rest is just more evidence of issues.

    Well done. I had no idea. Saving your summary, because it’s so staggering. Wish I could upvote you a hundred times. This is a huge issue.

    • Socsa@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      14
      arrow-down
      3
      ·
      1 year ago

      We literally know that the FBI at one point was unable to break into an iPhone, and then a few days later was able to break into it. Apple clearly let them in the back door after negotiating the condition that they could deny and act all upset about it.

      And then they launched a whole privacy - focused marketing campaign immediately afterwards. It’s all laughable transparent, yet you still have moronic pop-security YouTubers repeating that bullshit that Apple is a secure platform.

      • GekkoState@lemmings.world
        link
        fedilink
        English
        arrow-up
        10
        ·
        1 year ago

        Um no, the FBI used software developed by an Israel based company to hack into it. This is well documented. Isreal has been creating and selling iPhone hacking software to nation states for years. They also sold out to the Saudi’s who used to it to track and kill the American resident Jamal Khashoggi.

        • Hello Hotel@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          edit-2
          1 year ago

          Your right, I don’t think those Israel companies got a backdoor from apple. A “magic packet” backdoor is too hard to hide into the code and would tank their trust FAST. However, They do encrypt the system files to prevent reverse engineering. iPhones then have enough bad practices (see: the IMessage post) (some of them oddly specific) to make a software developer cry in the corner. Incompetence, UX tunnel vision or intentional flaws. (honestly I don’t know the answer)

      • BearOfaTime@lemm.ee
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        1 year ago

        I know, right?

        Unfortunately ignorance of the masses (myself included, and I try to stay current) let’s them get away with this stuff.

        Too many people say “well, I don’t do anything wrong, so why be concerned”, as if people have never been railroaded before (Ruby Ridge anyone?).

        Seeing the kind of data I know is known about me is terrifying, and I’ve been working for years to reduce it. My current effort is a final degoogle.

        Messaging is a tough one to crack, people still use SMS as much as I hate it.

        • brambledog@lemmy.today
          link
          fedilink
          English
          arrow-up
          5
          ·
          1 year ago

          I wouldn’t really classify Ruby ridge as a rail-roading.

          This is a guy who uprooted his family to move across the country so he could hang out with terrorists who shared Hitler-loving beliefs.

          He then sold a sawed off shotgun to a man he believed was one of those terrorists.

          We can definitely criticize law enforcement for every single they did from the inception of the case, but Weaver was not innocent.

    • farcaller@fstab.sh
      link
      fedilink
      English
      arrow-up
      8
      ·
      1 year ago

      In iOS 13 or later and iPadOS 13.1 or later, devices may use an Elliptic Curve Integrated Encryption Scheme (ECIES) encryption instead of RSA encryption

      (from apple docs).

      If you’re curious about it all, I’d suggest studying some notes from the protocol researchers instead of taking to the pitchforks immediately. Here’s one good post on the topic.