Well that didn’t take long…
• Beeper, the company behind iMessage for Android, faces an outage after Apple cuts off its access.
• The highly anticipated service, which brought blue bubble texts to Android, may have violated Apple’s terms of service.
• Beeper’s access to iMessage was revoked soon after its launch, raising questions about the feasibility of the service.
Well I stand corrected. I didn’t think Apple would do anything, or if they did, it would be a while.
They’ve done nothing about Beeper Cloud, so I thought they were sitting on their hands. Maybe because those connections are from actual Macs, so harder to isolate and prevent.
Still going to be entertaining to watch, especially the point about SMS being unencrypted, and the recent article about iMessage having a significant security issue in not having Forward Secrecy, since your RSA key doesn’t change.
Even the CEO of Beeper said there was no way Apple could take them down without interrupting service for iPhone users.
I guess he was wrong!
Or, maybe he knew he was bluffing a little (I doubt he fully believed they couldn’t do this).
Like ad blocking, this looks like a cat/mouse game, and this dev looks like he really understands what Apple does. So it should be an interesting thing to watch.
Probably not a good idea to underestimate a multiple trillion dollar company
Isn’t it surprising how nobody’s raised to stink about iOS having poor message encryption? Their white paper has been around for at least 5 years at this point, but I guess most of us shrugged and just decided it was good enough.
Makes you wonder about all the other stuff they’ve made E2EE more recently, and how unlikely it is that it’s much better. Messaging is one thing, file encryption is more static.
Not sure I would call it poor encryption. As yet, no one’s cracked that large of an RSA key.
I’d certainly call it less than advertised, and needing some updates like increase the RSA key, separate the encrypted message from the AES key, and use other mechanisms so it doesn’t have a single point if failure (the RSA key).
They also need to change the identifiers, since that has a risk of MITM attacks.
But yea, they’ve had 4 or 5 years and done nothing. That’s BAD.