Comment on Senator Warren calls out Apple for shutting down Beeper's 'iMessage to Android' solution
thejml@lemm.ee 1 year ago
Did Beeper clear its usage of the iMessage platform with Apple? Sign a contract? Get an SLA agreement with Apple in writing?
I was under the impression that they found essentially a back door/workaround to latch into the iMessage platform… in that case this is no different than Cisco patching some routers or MS fixing a security hole. If anything I’d be more annoyed that Apple didn’t patch it quicker.
I’d love to be able to use iMessage with my android friends, but Beeper’s methods seemed sketchy as hell.
It was an exploit that mimicked the device as Apple hardware, but it wasn’t sketchy. Everything was still E2EE, with Beeper having no access to any data.
It was the exact opposite of what the Nothing “middleman” did that was actually sketchy.
It was an exploit
…
but it wasn’t sketchy
Ah yes, businesses based on exploits. Very not sketchy.
It wasn’t a bug in software. They cloned an Apple hardware ID as I understand it.
They basically put on an “I’m an Apple!” mask and then used iMessage as expected. While an “exploit”, it is not inherently a security issue.
I think you’re conflating two different things when it comes to my comment. While I can agree in spirit, and were someone to release a FOSS version of this that did the same thing, I’d go right along with you on the whole “hacker spirit” thing (like the kid who wrote the original exploit and put it up for free on GitHub), but that’s not what is happening here. This:
Enabling interoperability in purposely walled gardens for the overall greater good of the Internet?
is not what’s happening, this is Beeper just trying to make money basically selling fake IDs so you can get into the club, and the whole “uwu I’m a wittle startup don’t hurt me Apple” is just marketing spin for what I have to imagine was the rather insane assumption on the part of Beeper that they thought they found something that was unpatchable, and/or that they could somehow publicly pressure Apple to not sue them out of existence for what is potentially a crime (laws against hacking usually don’t give a shit about the method you use to breach a system, just whether that use is authorized which this is clearly not.) Apple has reasonable claim to financial damage as well, since Beeper is using Apple’s servers/bandwidth without approval or compensation. Charitably, Beeper might be hoping that this gets the attention of regulators and they’ll legislate opening it up, but that ship has sailed in the EU, and the legal argument for doing it in the states is “we don’t like green bubbles” so I wouldn’t hold my breath, and even then assuming there is a will in the legislature to do this, I have a hard time seeing how Beeper stays funded long enough to see that law pass.
Anyway, I am not saying this because I personally don’t want to see iMessage on Android (realistically I’d like the RCS standards body to get their head out of their asses and relegate iMessage and the various Facebook messengers to irrelevance) what I am saying is that Beeper trying to pretend to be a real business is laughable. Like, this is the type of product I would expect to buy in an alternate App Store with bitcoin or something, not something I would expect a real business to release on purpose with all of the fanfare and 100k’s of downloads. It’s the technical equivalent of putting up a stand in front of Costco advertising that you’re going to print fake cards so you can get into Costco, and you’re going to do that by plugging your printer setup into Costco’s power to do it. Oh, and then when Costco cuts off power, you run an extension cord over to a different outlet. Like, you can argue that you think Costco should do away with membership, but we all see what an insane business plan that would be, right?
I’ve only heard this particular stance from iPhone users.
Apple has done a stellar job propagandizing their brand as the “Good guys… just looking out for their customers’ best interests, is all”.
No evidence for this take whatsoever; it’s just naked, gullible brand loyalty.
Kind of an amazing phenomenon, if it weren’t so sad.
I’ve got both. iOS for work, Android for personal use. I’m in DevSecOps and therefore tend to see everything from this sort of mindset. Apple didn’t make a deal with them, they don’t have an open standard. It’s proprietary, it’s locked down. Why would any company with that sort of a product allow another company to interface with their offerings without paying for it? Even if it’s nice and secure, this will add load to the iMessage servers that people aren’t paying Apple for. It could introduce errors/issues they never tested for because they have a closed ecosystem and only have to test with their own devices, a known quantity. It could even increase potential attack vectors.
If you offered wifi to your friends via a guest network and then someone figured out how to connect their whole neighborhood to it, would you be fine with that?
Good points. But, and using your LAN comparison: if my wifi’s guest network used some custom method (let’s also consider it a proprietary method for the sake of comparison) to, A) impose an arbitrary limit of uploading files no larger than 100KB (and/or have the files heavily compressed to meet said limit) while B) offering no clear method of communication to the non-guest users why this limitation is occurring (or even exists)… I can imagine both guests and non-guests would quickly become irritated and start bickering among themselves as to whose fault this arbitrarily-imposed “local network file sharing problem” should be blamed on.
I don’t think it’s the guests’ fault for being arbitrarily limited. And I wish the non-guests could be told why the limitations are imposed.
Because no one behind a trillion dollar company should (in good faith, at least) concern themselves allowing non-Apple, shareable files be anything more than “just slightly, technically accessible” to Apple devices.
These constraints are clearly imposed on Apple users, and only by Apple to alienate “non-privileged, non-Apple customers” (them) from “privileged Apple customers” (us).
And Apple’s goal on “finding common ground” seems to be: do not negotiate with any proposed solutions as the division we are creating is intentional.
Exactly. And this (community reverse engineering / interoperability / bridging etc), isn’t something new, it’s existed ever since every single messaging protocol became popular - whether proprietary or not, it didn’t matter - people were going to find a way to bridge the gap sooner or later. So for Apple to think that this was somehow exclusive to just iPhone users - and that it will stay that way - is a bit shortsighted.
If profit is what they were after, they could’ve just as easily made an official, secure API and charged for it. I’m sure there’s plenty of folks out there willing to pay for iMessage, given how many of them are buying used Mac Minis and iPhones to use as a relay. Apple’s shortsightedness is making them miss out on a business opportunity.
What’s the choice? Apple isn’t going to license it for all the tea in China.
It’s entirely different in that it was not a vulnerability or exploit of any kind and actually improved the security of Apple’s users.
quo@feddit.uk 1 year ago
whofearsthenight@lemm.ee 1 year ago
While it’s not mostly about security, and I generally agree that Apple’s dickitry with regard to iMessage should end (they’d be doing a solid in the US to just release an Android client and monetize via sticker packs or something like it) there is most certainly a security risk for Apple to allow a reverse-engineering of their spec to spoof real iPhones, which is how Beeper works:
Now, your quote and the others in this thread:
They sure as fuck did, lol. iMessage isn’t public, it’s not intended to be used by anyone other than Apple, and the bandwidth and servers are not free. It’s not as if every iMessage isn’t going through Apple’s servers, they’re paying for it. Though they didn’t find a technical hole like a zero day or compromise iMessage for customers, they absolutely found a security concern for Apple. If you walk into your house, find your neighbor there grabbing a couple of eggs out of the fridge and they hand wave away and say “don’t worry I didn’t break a window, I just figured out you keep a spare key under the mat and also I’m going to use these to make cookies for the block party and I’m not going to charge a lot for them and only you have these eggs from your chicken you’re hogging them!” you’d kick them out in a hurry and probably call the cops.
So two things: