this post was submitted on 14 Nov 2023
417 points (91.6% liked)

Technology

58137 readers
4359 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
417
Nothing Phone builds a blue bubble iMessage bridge while Google and Apple fight over RCS (www.androidcentral.com)
submitted 10 months ago by [email protected] to c/[email protected]
224 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 19 points 10 months ago (4 children)

They might be able to relay them in a way that the end to end encryption is actually handled on the phone and the relay only relays encrypted messages.

That would likely still give them a capability to MitM but it's plausible that they couldn't passively intercept the messages.

[–] [email protected] 12 points 10 months ago* (last edited 9 months ago) (1 children)

deleted

[–] [email protected] 10 points 10 months ago (1 children)

Absolutely. The iMessage network isn’t some unknowable beast, it “just” requires an Apple device be involved and activated to work. In order to spoof that far, you’d essentially need to emulate quite a bit on device.

[–] [email protected] 6 points 10 months ago* (last edited 9 months ago)

deleted

[–] [email protected] 10 points 10 months ago (1 children)

You give them the credentials for your Apple account. The security concept is "trust me bro" and that's really the best they can do unless Apple helps them (which they have no reason to)

[–] [email protected] 7 points 10 months ago* (last edited 10 months ago)

"Trust me bro" is always the security concept of any service where you don't control the client - that includes regular iMessage (you have to trust Apple) and Google's RCS (you have to trust Google). They can always instruct or update the client apps on people's phones to start doing something they weren't previously doing.

That being said, I would not trust some random sketchy company with something so important. Even if you trust their intentions, you cannot trust their competence in preventing breaches. Stuff gets hacked and leaked all the time.

[–] [email protected] 6 points 10 months ago

They might be able to relay them in a way that the end to end encryption is actually handled on the phone and the relay only relays encrypted messages.

They'd need to control the app on both phones in order to control what it's encrypting/decrypting. Their system only works because they've got a device in the middle separately decrypting/re-encrypting each message. Google's Messages app can't read iMessages; Apple's Messages app can't read Google's proprietary encrypted RCS messages.

Of course if you want universally cross-platform messaging, complete with full-resolution photos and available with end-to-end encryption, there's this crazy new technology called "email." I feel like there's a missed opportunity for making setting up S/MIME easier.

[–] [email protected] 1 points 10 months ago* (last edited 9 months ago)

deleted