this post was submitted on 06 Dec 2023
557 points (98.8% liked)

Technology

59243 readers
3343 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 64 points 11 months ago (3 children)

Wow.

I think it would help to summarize the major issue with iMessage and have it at the top.

The RSA encrypting the AES with the message content is so face-palmingly bad that you really don't need to read any further, and thd rest is just more evidence of issues.

Well done. I had no idea. Saving your summary, because it's so staggering. Wish I could upvote you a hundred times. This is a huge issue.

[–] [email protected] 11 points 11 months ago (2 children)

We literally know that the FBI at one point was unable to break into an iPhone, and then a few days later was able to break into it. Apple clearly let them in the back door after negotiating the condition that they could deny and act all upset about it.

And then they launched a whole privacy - focused marketing campaign immediately afterwards. It's all laughable transparent, yet you still have moronic pop-security YouTubers repeating that bullshit that Apple is a secure platform.

[–] [email protected] 10 points 11 months ago (1 children)

Um no, the FBI used software developed by an Israel based company to hack into it. This is well documented. Isreal has been creating and selling iPhone hacking software to nation states for years. They also sold out to the Saudi's who used to it to track and kill the American resident Jamal Khashoggi.

[–] [email protected] 2 points 11 months ago* (last edited 11 months ago)

Your right, I don't think those Israel companies got a backdoor from apple. A "magic packet" backdoor is too hard to hide into the code and would tank their trust FAST. However, They do encrypt the system files to prevent reverse engineering. iPhones then have enough bad practices (see: the IMessage post) (some of them oddly specific) to make a software developer cry in the corner. Incompetence, UX tunnel vision or intentional flaws. (honestly I don't know the answer)

[–] [email protected] 1 points 11 months ago (1 children)

I know, right?

Unfortunately ignorance of the masses (myself included, and I try to stay current) let's them get away with this stuff.

Too many people say "well, I don't do anything wrong, so why be concerned", as if people have never been railroaded before (Ruby Ridge anyone?).

Seeing the kind of data I know is known about me is terrifying, and I've been working for years to reduce it. My current effort is a final degoogle.

Messaging is a tough one to crack, people still use SMS as much as I hate it.

[–] [email protected] 5 points 11 months ago

I wouldn't really classify Ruby ridge as a rail-roading.

This is a guy who uprooted his family to move across the country so he could hang out with terrorists who shared Hitler-loving beliefs.

He then sold a sawed off shotgun to a man he believed was one of those terrorists.

We can definitely criticize law enforcement for every single they did from the inception of the case, but Weaver was not innocent.

[–] [email protected] 8 points 11 months ago

In iOS 13 or later and iPadOS 13.1 or later, devices may use an Elliptic Curve Integrated Encryption Scheme (ECIES) encryption instead of RSA encryption

(from apple docs).

If you’re curious about it all, I'd suggest studying some notes from the protocol researchers instead of taking to the pitchforks immediately. Here's one good post on the topic.

[–] [email protected] 7 points 11 months ago

No way governments spying on their own people I could never believe such an act would be tolerated.