• Does it scare you that a mere child (yet again) easily broke into Apple

    From Wally J@21:1/5 to All on Sun Dec 10 01:06:36 2023
    XPost: comp.sys.mac.system, misc.phone.mobile.iphone

    It happened with Face-Time, which turned out to never have been tested
    (which Google's Project Zero proved beyond any doubt).

    Most of the FaceTime code had _never even once_ been put thru a QA cycle!

    At that time, Apple didn't object to the facts - Apple merely said that
    they wished Google hadn't told the world of their shoddy QA until after
    telling Apple (which, of course, Craig Federighi already knew since we have
    his internal emails lambasting the utter lack of any QA on FaceTime).

    Now... the same thing happens with Apple's so-called 'secure messaging'.
    <https://9to5google.com/2023/12/09/apple-beeper-mini-imessage/>

    *Does it scare you that Apple's so-called "secure flagship products"*
    *continually get broken into by mere children?*
    --
    HINT: Nobody has a lower R&D spend than Apple - in all of high tech.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From david@21:1/5 to Wally J on Sun Dec 10 10:59:18 2023
    XPost: comp.sys.mac.system, misc.phone.mobile.iphone

    Using <news:ul3h0r$2hj1f$1@paganini.bofh.team>, Wally J wrote:

    > It happened with Face-Time, which turned out to never have been tested
    > (which Google's Project Zero proved beyond any doubt).
    >
    > Most of the FaceTime code had _never even once_ been put thru a QA cycle!
    >
    > At that time, Apple didn't object to the facts - Apple merely said that
    > they wished Google hadn't told the world of their shoddy QA until after
    > telling Apple (which, of course, Craig Federighi already knew since we have
    > his internal emails lambasting the utter lack of any QA on FaceTime).
    >
    > Now... the same thing happens with Apple's so-called 'secure messaging'.
    > <https://9to5google.com/2023/12/09/apple-beeper-mini-imessage/>
    >
    > *Does it scare you that Apple's so-called "secure flagship products"*
    > *continually get broken into by mere children?*

    Apple said they blocked it because they were worried about metadata & spam.

    Apple "took steps to protect our users by blocking techniques that exploit
    fake credentials in order to gain access to iMessage," the statement read.
    Citing "metadata exposure and enabling unwanted messages, spam, and
    phishing attacks,"
    <https://arstechnica.com/gadgets/2023/12/beeper-minis-imessage-app-for-android-is-broken-possibly-by-apple/>

  • From Alan Browne@21:1/5 to david on Sun Dec 10 13:55:34 2023
    XPost: misc.phone.mobile.iphone

    On 2023-12-10 12:59, david wrote:

    > Apple said they blocked it because they were worried about metadata & spam.

    You're falling for its FUD based casting.

    --
    “Markets can remain irrational longer than you can remain solvent.”
    - John Maynard Keynes.

  • From david@21:1/5 to Alan Browne on Sun Dec 10 13:59:52 2023
    XPost: misc.phone.mobile.iphone

    Using <news:GQndN.1636$taff.1273@fx41.iad>, Alan Browne wrote:

    >> Apple said they blocked it because they were worried about metadata & spam.

    > You're falling for its FUD based casting.

    I read the article. It's not FUD. It's real. It's a quote direct from
    Apple. What 'meta data' are you aware of that Apple is worried about?

  • From david@21:1/5 to Alan Browne on Sun Dec 10 16:07:10 2023
    XPost: misc.phone.mobile.iphone

    Using <news:xlrdN.4233$5Hnd.2261@fx03.iad>, Alan Browne wrote:

    >> I read the article. It's not FUD. It's real. It's a quote direct from
    >> Apple. What 'meta data' are you aware of that Apple is worried about?

    > You're misunderstanding the difference between Apple's genuine concerns
    > and the troll attempting to amplify this event into something it most
    > certainly is not.

    The concerns are direct from Apple and they're quoted in the article.

    What I'm asking you is to help clarify those concerns direct from Apple
    when it was quoted in the article as having said "Beeper techniques posed
    significant risks to user security and privacy" and when it said "these
    techniques posed significant risks to user security and privacy, including
    the potential for metadata exposure."

    Since we're discussing the company's own words quoted in the articles, what
    do you think it meant by posing "significant risk to metadata exposure?"

  • From Alan Browne@21:1/5 to david on Sun Dec 10 17:55:25 2023
    XPost: misc.phone.mobile.iphone

    On 2023-12-10 15:59, david wrote:
    > Using <news:GQndN.1636$taff.1273@fx41.iad>, Alan Browne wrote:

    >>> Apple said they blocked it because they were worried about metadata &
    >>> spam.

    >> You're falling for its FUD based casting.

    > I read the article. It's not FUD. It's real. It's a quote direct from
    > Apple. What 'meta data' are you aware of that Apple is worried about?

    You're misunderstanding the difference between Apple's genuine concerns
    and the troll attempting to amplify this event into something it most
    certainly is not.

    --
    “Markets can remain irrational longer than you can remain solvent.”
    - John Maynard Keynes.

  • From Alan@21:1/5 to Wally J on Sun Dec 10 15:10:33 2023
    XPost: comp.sys.mac.system, misc.phone.mobile.iphone

    On 2023-12-09 21:06, Wally J wrote:
    > It happened with Face-Time, which turned out to never have been tested
    > (which Google's Project Zero proved beyond any doubt).
    >
    > Most of the FaceTime code had _never even once_ been put thru a QA cycle!
    >
    > At that time, Apple didn't object to the facts - Apple merely said that
    > they wished Google hadn't told the world of their shoddy QA until after
    > telling Apple (which, of course, Craig Federighi already knew since we have
    > his internal emails lambasting the utter lack of any QA on FaceTime).
    >
    > Now... the same thing happens with Apple's so-called 'secure messaging'.
    > <https://9to5google.com/2023/12/09/apple-beeper-mini-imessage/>
    >
    > *Does it scare you that Apple's so-called "secure flagship products"*
    > *continually get broken into by mere children?*

    The people who wrote Beeper Mini were "children"?

  • From Jolly Roger@21:1/5 to david on Sun Dec 10 23:17:11 2023
    XPost: misc.phone.mobile.iphone

    On 2023-12-10, david <this@is.invalid> wrote:
    > Using <news:xlrdN.4233$5Hnd.2261@fx03.iad>, Alan Browne wrote:

    >>> I read the article. It's not FUD. It's real. It's a quote direct
    >>> from Apple. What 'meta data' are you aware of that Apple is worried
    >>> about?

    >> You're misunderstanding the difference between Apple's genuine
    >> concerns and the troll attempting to amplify this event into
    >> something it most certainly is not.

    > The concerns are direct from Apple and they're quoted in the article.
    >
    > What I'm asking you is to help clarify those concerns direct from
    > Apple when it was quoted in the article as having said "Beeper
    > techniques posed significant risks to user security and privacy" and
    > when it said "these techniques posed significant risks to user
    > security and privacy, including the potential for metadata exposure."
    >
    > Since we're discussing the company's own words quoted in the articles,
    > what do you think it meant by posing "significant risk to metadata
    > exposure?"

    Isn't the meaning obvious? Seems like common sense to me: due to the
    techniques used, a third party may have access to metadata of the
    messages sent through the service which is a security and privacy risk
    to Apple's customers.

    --
    E-mail sent to this address may be devoured by my ravenous SPAM filter.
    I often ignore posts from Google. Use a real news client instead.

    JR

  • From david@21:1/5 to Jolly Roger on Sun Dec 10 16:51:30 2023
    XPost: misc.phone.mobile.iphone

    Using <news:ktmv7nF4tqfU1@mid.individual.net>, Jolly Roger wrote:

    > Isn't the meaning obvious? Seems like common sense to me: due to the
    > techniques used, a third party may have access to metadata of the
    > messages sent through the service which is a security and privacy risk
    > to Apple's customers.

    What's inside that packet of meta data (is it your name & home address)?
    Why is any meta data visible to an account that isn't an Apple account?

  • From Alan Browne@21:1/5 to Jolly Roger on Sun Dec 10 19:34:38 2023
    XPost: misc.phone.mobile.iphone

    On 2023-12-10 18:17, Jolly Roger wrote:
    > On 2023-12-10, david <this@is.invalid> wrote:
    >> Using <news:xlrdN.4233$5Hnd.2261@fx03.iad>, Alan Browne wrote:

    >>>> I read the article. It's not FUD. It's real. It's a quote direct
    >>>> from Apple. What 'meta data' are you aware of that Apple is worried
    >>>> about?

    >>> You're misunderstanding the difference between Apple's genuine
    >>> concerns and the troll attempting to amplify this event into
    >>> something it most certainly is not.

    >> The concerns are direct from Apple and they're quoted in the article.
    >>
    >> What I'm asking you is to help clarify those concerns direct from
    >> Apple when it was quoted in the article as having said "Beeper
    >> techniques posed significant risks to user security and privacy" and
    >> when it said "these techniques posed significant risks to user
    >> security and privacy, including the potential for metadata exposure."
    >>
    >> Since we're discussing the company's own words quoted in the articles,
    >> what do you think it meant by posing "significant risk to metadata
    >> exposure?"

    > Isn't the meaning obvious? Seems like common sense to me: due to the
    > techniques used, a third party may have access to metadata of the
    > messages sent through the service which is a security and privacy risk
    > to Apple's customers.

    Only to the mimic'd account donor. Everyone else is "wrapped"
    separately. But Apple have to protect the mimic'd account donor(s) too.

    Apple are overplaying this, IMO. Shut 'em down, lock 'em out, take 'em
    to court.

    --
    “Markets can remain irrational longer than you can remain solvent.”
    - John Maynard Keynes.

  • From Alan Browne@21:1/5 to david on Sun Dec 10 19:28:22 2023
    XPost: misc.phone.mobile.iphone

    On 2023-12-10 18:07, david wrote:
    > Using <news:xlrdN.4233$5Hnd.2261@fx03.iad>, Alan Browne wrote:

    >>> I read the article. It's not FUD. It's real. It's a quote direct from
    >>> Apple. What 'meta data' are you aware of that Apple is worried about?

    >> You're misunderstanding the difference between Apple's genuine
    >> concerns and the troll attempting to amplify this event into something
    >> it most certainly is not.

    > The concerns are direct from Apple and they're quoted in the article.
    >
    > What I'm asking you is to help clarify those concerns direct from Apple
    > when it was quoted in the article as having said "Beeper techniques posed
    > significant risks to user security and privacy" and when it said "these
    > techniques posed significant risks to user security and privacy, including
    > the potential for metadata exposure."
    >
    > Since we're discussing the company's own words quoted in the articles,
    > what do you think it meant by posing "significant risk to metadata
    > exposure?"

    The hacker is mimicking traffic from a genuine device in order to "gain
    access" to registration. So it _potentially_ poses some risk to those
    devices that were "donors" of the data.

    To everyone else, very little risk at all (none actually).

    Apple, to be sure, are exaggerating the risk in order to amplify their
    case against the hacker. But that "exposure" is contained to the
    traffic the hacker generates (via his app), not to Apple's legitimate users.

    This simplistic registration ploy is not a threat at all to Apple or its clients. Were it so, the whole thing would have exploded years ago.

    QUOTE
    Beeper's service used encryption algorithms whose keys were spoofed to
    look like they came from a Mac Mini running OS X Mountain Lion, perhaps providing Apple a means of pinpointing and block them. Beeper employees
    have stated on Reddit and elsewhere that an explanation of what was
    blocked, and how it was worked around, should be forthcoming.
    ENDQUOTE

    In sum: they managed to get devices registered to use the service. This
    is not a gold passage to the paradise of owning iMessage or any other user.

    If I were Apple I'd just shut them down on one side and sue them for unauthorized use of their servers.

    There is also a case for criminal charges since this hack means
    unauthorized access to Apple's servers. Reverse engineering: legal.
    Using it for unauthorized access: illegal.

    --
    “Markets can remain irrational longer than you can remain solvent.”
    - John Maynard Keynes.
