Senator Warren calls out Apple for shutting down Beeper’s ‘iMessage to Android’ solution
U.S. Senator Elizabeth Warren (D-Mass.) is throwing her weight behind Beeper, the app that allowed Android users to message iPhone users via iMessage,
Did Beeper clear its usage of the iMessage platform with Apple? Sign a contract? Get an SLA agreement with Apple in writing?
I was under the impression that they found essentially a back door/work around to latch into the iMessage platform… in that case this is no different than Cisco patching some routers or MS fixing a security hole. If anything I’d be more annoyed that Apple didn’t patch it quicker.
I’d love to be able to use iMessage with my android friends, but Beeper’s methods seemed sketchy as hell.
It was an exploit that mimicked the device as Apple hardware, but it wasn’t sketchy. Everything was still e2ee, with Beeper having no access to any data.
It was the exact opposite of what the Nothing “middleman” did that was actually sketchy.
It was an exploit
…
but it wasn’t sketchy
Ah yes, businesses based on exploits. Very not sketchy.
It wasn’t a bug in software. As I understand it, they cloned an Apple hardware ID.
They basically put on an “I’m an Apple!” mask and then used iMessage as expected. While an “exploit”, it is not inherently a security issue.
Ah yes, businesses based on exploits. Very not sketchy.
Enabling interoperability in purposely walled gardens for the overall greater good of the Internet? Sounds like some good ol’ hackers spirit to me. If they make a few bucks while they do it, even better.
Y’all realize you’re on a tiny, open source network right now that employs the same kind of scrappy “do the right thing because it’s right” ethos, yeah? That at some point Beeper might be a bridge to things like direct Mastodon/iMessage/Messenger/WhatsApp/Matrix compatibility?
I’m rooting for them to keep it up.
While it’s not mostly about security, and I generally agree that Apple’s dickitry with regard to iMessage should end (they’d be doing a solid in the US to just release an Android client and monetize via sticker packs or something like it) there is most certainly a security risk for Apple to allow a reverse-engineering of their spec to spoof real iPhones, which is how Beeper works:
pypush is a POC demo of my recent iMessage reverse-engineering. It can currently register as a new device on an Apple ID, set up encryption keys, and send and receive iMessages!
Now, your quote and the others in this thread:
Beeper didn’t find a security hole, nothing was compromised for Apple.
They sure as fuck did, lol. iMessage isn’t public, it’s not intended to be used by anyone other than Apple, and the bandwidth and servers are not free. It’s not as if every iMessage isn’t going through Apple’s servers, they’re paying for it. Though they didn’t find a technical hole like a zero day or compromise iMessage for customers, they absolutely found a security concern for Apple. If you walk into your house, find your neighbor there grabbing a couple of eggs out of the fridge and they hand wave away and say “don’t worry I didn’t break a window, I just figured out you keep a spare key under the mat and also I’m going to use these to make cookies for the block party and I’m not going to charge a lot for them and only you have these eggs from your chicken you’re hogging them!” you’d kick them out in a hurry and probably call the cops.
So two things:
- We can absolutely be mad at Apple for the lock in effect of iMessage, there were some leaked emails a while ago that confirm what we all know, this is just there to prevent buying your kid a cheap android phone. Personally, I think if Apple was serious about keeping their customers secure, they’d either release an Android client or better, just make sure that the minimum spec for RCS supports E2EE for wide adoption. They can still have a more robust platform with iMessage, and it’s still going to integrate with Apple shit in a way that only they could do.
- Anyone, anywhere, who thought that this was a viable business for Beeper has lost their fucking minds. Their model was basically “trust me bro, we’re going to socially pressure Apple and that’s going to totally work” and while it sounds like they’re back up for now, it will be extremely surprising if it stays that way longer than another week or two. It would be akin to someone launching a business being like “well, we didn’t hack Microsoft/Google/Facebook, but we’re planning on hosting a bajillion users on their backend for free without their approval.”
I’ve only heard this particular stance from iPhone users.
Apple has done a stellar job propagandizing their brand as the “Good guys… just looking out for their customers’ best interests, is all”.
No evidence for this take whatsoever; it’s just naked, gullible brand loyalty.
Kind of an amazing phenomenon, if it weren’t so sad.
I’ve got both. iOS for work, android for personal use. I’m in DevSecOps and therefore tend to see everything from this sort of mindset. Apple didn’t make a deal with them, they don’t have an open standard. It’s proprietary, it’s locked down. Why would any company with that sort of a product allow another company to interface with their offerings without paying for it? Even if it’s nice and secure, this will add load to the iMessage servers that people aren’t paying Apple for. It could introduce errors/issues they never tested for because they have a closed ecosystem and only have to test with their own devices, a known quantity. It could even increase potential attack vectors.
If you offered wifi to your friends via a guest network and then someone figured out how to connect their whole neighborhood to it, would you be fine with that?
Good points. But, and using your LAN comparison: if my wifi’s guest network used some custom method (let’s also consider it a proprietary method for the sake of comparison) to, A) impose an arbitrary limit of uploading files no larger than 100KB (and/or have the files heavily compressed to meet said limit) while B) offering no clear method of communication to the non-guest users why this limitation is occurring (or even exists)… I can imagine both guests and non-guests would quickly become irritated and start bickering among themselves as to whose fault this arbitrarily-imposed “local network file sharing problem” should be blamed on.
I don’t think it’s the guests’ fault for being arbitrarily limited. And I wish the non-guests could be told why the limitations are imposed.
Because no one behind a trillion dollar company should (in good faith, at least) concern themselves with restricting non-Apple, shareable files to be seen as “just slightly, technically accessible to Apple devices”.
These constraints are clearly imposed on Apple users (by no one but Apple) to alienate “non-privileged, non-Apple customers” (them) from the “privileged Apple customers” (us).
And Apple’s goal on “finding common ground” seems to be: do not negotiate with any proposed solutions as the division we are creating is intentional.