Or China is just saying they cracked Air Drop to try to scare protestors from using this feature. If they cracked it, why would they make it public that they cracked it when they could catch dissidents using it without their knowledge? Not to mention making it public puts pressure on Apple to patch it, which would destroy their access. Doesn’t make much sense to make this public if it is true.
this post was submitted on 09 Jan 2024
256 points (96.4% liked)
Privacy
31287 readers
840 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 4 years ago
MODERATORS
Whenever a government or government agency announces a successful exploit, I presume they've already exhausted it and moved on to another one that won't be patched or publicly divulged for many years.
I don't buy it. This smells like a way of causing fear in those who want to share information.
¿Por que no Los dos?
iMessage ~~is insecure~~ security isn't as robust as most people think, and this has been known for years.
People still use it
It would be easy for apple to debunk this if it wasn't true. I'd stay away from it and use proven secure means.
There’s no way to prove that something is secure. (It reduces to the halting problem.)
You can still have more certainty or less. If it's open-source - it doesn't guarantee safety by any means, sure, but if it's proprietary like this one - you don't even get a chance to check what's going on.
Nothing is ever completely secure if it's connected to the internet. It just likely isn't worth it to hack into. That's why macs used to be "virus proof".
Well, yes, because Windows was a much more lucrative target.
Why would they? They have all their production logistics in China.
How can Apple debunk it?
If I told you I know of a way by which I can "hack" the lock of your house to enter it, how can you prove whether I'm lying or not? Specially if I'm not willing to show you how I do it, and I haven't given you any proof of having actually done it that you can try to dispute.
sending email and phone number with each airdrop doesn't sound right. Apple isn't a good company but they aren't dumb. Why would you send that info?
They aren't saying that the email/number is part of the message. What the are saying is that they are able to decrypt the logs in order to identify the senders .
It could be they cross-reference matching some internal ids / tokens / physical addresses of the devices together with all the data the Chinese government already has (or can obtain) ...or it could be a bluff.. who knows... there's not enough information, and what we know is probably distorted.
Usually when one of Apple’s security measures is breached, the company would issue an update to patch it. We’d hope this will happen here, but the Chinese government is likely to apply pressure on the iPhone maker to leave the exploit unpatched – at least, on Chinese devices.
WELL, Apple? ? . . . We're waiting
Too busy protecting iOS users from iMessages of unauthorized color.
While I have little respect for Apple's overall privacy practices, this sounds a lot like the CCP making something up to scare protesters and dissidents from using AirDrop. There's no sensible reason they would be advertising such an exploit openly, especially when it could potentially be used to secretly spy on dissidents, protesters, or even used in foreign espionage. Something doesn't sit right with this.
Well if Apple doesn't fix it, like they haven't fixed the iMessage flaws) they've known about for years, then it's still useful.
And most people won't even know of this issue, and they'd still use Airdrop anyway, saying "I'm not interesting enough to spy on".
iMessage lacks forward secrecy, so if I get your RSA key which never changes, I can read all your old messages and any new ones too. And that's just one issue with iMessage. And people don't know about it, and still use it, thinking it's secure. (it's pretty good in my opinion, just wish Apple would fix the issues linked article).
Totally agree. Their logic is to hide and deny everything, and if they say something openly, it's likely a lie.
Probably not a reliable source but you should still use Foss with strong encryption (RSA2048+ ideally)
For airdrop? There's a foss airdrop?!
Oh China, you rascal.
This is a great podcast about the vulnerabilities China has for their own only...
Click Here: 101. Bug bounties with Chinese characteristics
Episode webpage: http://www.recordedfuture.com/podcast
Media file: https://chrt.fm/track/DG79BE/traffic.megaphone.fm/RFEI8990516258.mp3?updated=1704745626
LMAO hope they do another purge of CIA operatives https://www.nytimes.com/2017/05/20/world/asia/china-cia-spies-espionage.html
You guys are gullible as shit if you think this is real. This is yet another bullshit scare tactic by the Chinese government. Also these articles are hardly even sourced and are just copypasted from other news sites to farm clicks.
Yeah this does smell fishy. The Chinese government is quick to manipulate and lie and I doubt they would want to get people not to use a service they can break.
Ahh, that makes sense. I was wondering, "Why the hell are they announcing their zero day to the Internet?"