Of course, if someone ever does get their hands on your iPhone, there's a whole host of other nefarious things that they could do than swipe your SIM card — so the issue might not deserve some of the hysteria we've seen across the web, but it's also clearly a risk that Apple needs to address.
Until then, it's just one more reason to think twice the next time you consider leaving your iPhone unattended at the bar. Ross Miller contributed his words, time, and sense of privacy to this report. Subscribe to get the best Verge-approved tech deals of the week. Cookie banner We use cookies and other tracking technologies to improve your browsing experience on our site, show personalized content and targeted ads, analyze site traffic, and understand where our audiences come from.
By choosing I Accept , you consent to our use of cookies and other tracking technologies. Cybersecurity Mobile Policy Privacy Scooters. Phones Laptops Headphones Cameras. Tablets Smartwatches Speakers Drones. Accessories Buying Guides How-tos Deals. Health Energy Environment. YouTube Instagram Adobe. Kickstarter Tumblr Art Club.
Film TV Games. Fortnite Game of Thrones Books. Comics Music. Filed under: Mobile Apple Exclusive. Accidental espionage: how iMessage conversations end up in the wrong handsets New, 85 comments. Sottek Feb 3, , pm EST. Share this story Share this on Facebook Share this on Twitter Share All sharing options Share All sharing options for: Accidental espionage: how iMessage conversations end up in the wrong handsets. Carriers would likely be able to determine not only exactly what message was sent and when, but also where the customer was when they sent it.
The iPhone maker has always said that it will share data it has access to with law enforcement agencies upon a lawful request, such as a warrant or other court order. Our mission has never been more vital than it is in this moment: to empower through understanding. Financial contributions from our readers are a critical part of supporting our resource-intensive work and help us keep our journalism free for all.
Please consider making a contribution to Vox today to help us keep our work free for all. Cookie banner We use cookies and other tracking technologies to improve your browsing experience on our site, show personalized content and targeted ads, analyze site traffic, and understand where our audiences come from.
By choosing I Accept , you consent to our use of cookies and other tracking technologies. Reddit Pocket Flipboard Email. This article originally appeared on Recode.
Next Up on Recode. But they repeatedly emphasized this was only possible if the third party is a skilled attacker, and cited Apple and the NSA as examples of capable skill level. Then, the attacker would install fraudulent certificates on it, and run spoofed servers tricked out to mimic Apple servers.
The flaw's essence, as QuarksLab described it, lies in the protocol's lack of certificate pinning. Even though performing this man-in-the-middle attack is quite a lot of work, and can only be done under limited circumstances, QuarksLab told the security conference's attendees that if they needed a secure message system, they should choose a different one. Especially, they jokingly cautioned, if the messages contain discussion of Apple related zero-days or exploits. The hackers concluded their bombshell of a talk — to a packed, standing-room-only crowd — by sharing a tool they created that gives iMessage users on iPhones the ability to essentially plug the flaw themselves and make their messages truly private and secure.
Their tool "iMTM Protect" available for download on GitHub is a helpful, superlative approach to empowering users to protect themselves from a serious privacy issue that raises too many questions to answer at this time.
It's also a refreshing outcome to the revelation of a security flaw in a product from a company known for staying silent on its product's security problems — and tends to tell users that security holes will get fixed "sometime" in the next update cycle. The tool is ready for skilled computer users, though sadly it is likely out of reach for the average Apple iMessage user's technical skill level — and only works on jailbroken iPhones at this time.
Needless to say, what QuarksLab revealed at Hack In The Box yesterday is still a serious issue for all users of iMessage with concerns about threats with resources, such as nation-states. And now, the whole situation casts a shadow over Apple's previous reassurances.
Missouri apologizes to k teachers who had SSNs and private info exposed. Brazil advances efforts to tackle electronic fraud. Cybersecurity education company touts 3 to 6 month program for unemployed veterans.
VA releases new cybersecurity strategy in honor of Veterans Day. Ransomware gangs are using these 'ruthless' tactics as they aim for bigger payouts. You agree to receive updates, promotions, and alerts from ZDNet.
0コメント