Nothing's iMessage bridge doesn't appear to be encrypted at all


Although Nothing's co-founder claimed that the company's iMessage-bridging chat service would be end-to-end encrypted, the source code appears to show quite the opposite.

Nothing Chats



The creators of Nothing Phone (2) announced Nothing Chats on November 14. It's a service allowing Android users to send messages in iPhone-style blue bubbles -- assuming that they want to log into a remote server with their Apple ID.

Nothing requires users to have Phone (2) to access Nothing Chats. The iMessage-like technology is from Sunbird, a technology company based in New York, and is integrated into the Nothing messages application.

texts team took a quick look at the tech behind nothing chats and found out it's extremely insecure

it's not even using HTTPS, credentials are sent over plaintext HTTP

backend is running an instance of BlueBubbles, which doesn't support end-to-end encryption yet pic.twitter.com/IcWyIbKE86

-- Kishan Bagaria (@KishanBagaria)



On Friday, the founder of Texts.com tweeted that his team "took a quick look" at the code behind Nothing Chats and found that it's insecure.

"It's not even using HTTPS, credentials are sent over plaintext HTTP," Kishan Bagaria said.

Exposing data with insecure protocols



The primary concern is the absence of HTTPS (Hypertext Transfer Protocol Secure) in the service's communication protocols. HTTPS, a fundamental security standard for modern internet communication, encrypts data between a user's device and the server.

Without that encryption, sensitive information, including login credentials, is sent over the internet using plaintext HTTP. That is insecure because it allows relatively easy interception of data by third parties, especially on unsecured networks.
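As an added illustration (not code from Nothing, Sunbird, or the Texts.com team), the following audit walks a set of captured client requests and flags any that carry credential material over a non-TLS scheme, which is the condition described above. The host names, field names, and sample capture are constructed assumptions.

```python
import json
from urllib.parse import parse_qsl, urlsplit

# Names that usually carry secrets (assumed list; extend for the app under review).
SECRET_KEYS = {"password", "passwd", "token", "access_token", "apple_id", "secret"}
SECRET_HEADERS = {"authorization", "cookie", "x-api-key"}

def secret_fields(request):
    """Return sorted locations of credential-bearing fields in one request."""
    headers = {k.lower(): v for k, v in request.get("headers", {}).items()}
    found = {"header:" + h for h in headers if h in SECRET_HEADERS}
    pairs = [("query", k) for k, _ in parse_qsl(urlsplit(request["url"]).query)]
    body, ctype = request.get("body", ""), headers.get("content-type", "")
    if "json" in ctype:
        try:
            doc = json.loads(body)
        except ValueError:
            doc = {}  # malformed body: nothing to inspect
        if isinstance(doc, dict):
            pairs += [("body", k) for k in doc]
    elif "x-www-form-urlencoded" in ctype:
        pairs += [("body", k) for k, _ in parse_qsl(body)]
    found |= {f"{where}:{k.lower()}" for where, k in pairs if k.lower() in SECRET_KEYS}
    return sorted(found)

def audit(requests):
    """Flag requests that send credential material over anything but HTTPS."""
    findings = []
    for req in requests:
        fields = secret_fields(req)
        if urlsplit(req["url"]).scheme.lower() != "https" and fields:
            findings.append((req["method"], req["url"], fields))
    return findings

# Constructed sample capture; hosts are placeholders, not the service's endpoints.
SAMPLE = [
    {"method": "POST", "url": "http://bridge.example.test/api/login",
     "headers": {"Content-Type": "application/json"},
     "body": '{"apple_id": "user@example.test", "password": "constructed"}'},
    {"method": "GET", "url": "http://bridge.example.test/msgs?token=constructed", "headers": {}, "body": ""},
    {"method": "POST", "url": "https://bridge.example.test/api/login",
     "headers": {"Content-Type": "application/json", "Authorization": "Bearer constructed"},
     "body": '{"password": "constructed"}'},
    {"method": "GET", "url": "http://bridge.example.test/static/logo.png", "headers": {}, "body": ""},
]

if __name__ == "__main__":
    for method, url, fields in audit(SAMPLE):
        print(f"CLEARTEXT CREDENTIALS {method} {url} -> {', '.join(fields)}")
```

The same login over `https://` is not flagged, and neither is the cleartext request for a static asset, so the findings isolate credential exposure rather than every HTTP request.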

The investigation revealed that Nothing Chats uses a backend powered by BlueBubbles, a messaging service known for its lack of end-to-end encryption. End-to-end encryption is a critical feature in secure messaging, ensuring that only the communicating users can read the messages.

The absence of this encryption means that messages can potentially be accessed by the service provider or intercepted by external entities, posing a significant privacy threat.

Nothing has yet to respond to the claims.

Secure messaging solutions



According to Nothing, the primary reason behind its messaging app was to entice iPhone users of its earbuds to commit to its smartphone fully. The company determined that messaging barriers deter iPhone users from switching platforms, particularly the stigma associated with being the sole person in a group chat with Android green bubble messages instead of the typical Apple blue ones.




"We were like, how can we do something about this?" said Nothing's Carl Pei. "And started looking at the different teams working on this problem... and we got in touch with the Sunbird team."

Echoing more prominent companies like Google and Samsung, Nothing also mentioned Apple's lack of support for RCS in iMessage. It further claimed that Apple's reluctance to adopt RCS endangers user privacy.

Fortunately, Apple announced on November 16 that it will add the RCS Universal Profile to iMessage, likely with iOS 18 in 2024. Although that profile doesn't include Google's version of end-to-end encryption, Apple is working with the industry body GSMA on a possible inclusion of an industry-wide encryption standard.


Comments

  • Reply 1 of 9
    Nothing CEO says. “Nothing to see here!”
  • Reply 2 of 9
    How did they get the source code?
  • Reply 3 of 9
    It seems to be a simple AppleID harvesting scheme endangering Apple customer services.
  • Reply 4 of 9
    Yikes! This is worse than having no integration. 

    The level of irresponsibility from nothing is frightening. 

    Hire some actual engineers for crying out loud. Anyone can head over to GitHub and cobble stuff together. Sheesh. 
  • Reply 5 of 9
    Nothing is compatible. Nothing is fast. Nothing is cheap. Nothing is secure.
  • Reply 6 of 9
    Nothing is compatible. Nothing is fast. Nothing is cheap. Nothing is secure.
    *ROTFL* 
  • Reply 7 of 9
    At least it's all said up front and from the beginning.

    Edit: At least there is truth in its advertising!
    edited November 2023
  • Reply 8 of 9
    lloyddean said:
    At least it's all said up front and from the beginning.

    Edit: At least there is truth in its advertising!
     :D :D :D

    It sounds like something to avoid like the Plague.
    edited November 2023
  • Reply 9 of 9
    Nothing from Nothing

    By Billy Preston

    Nothin' from nothin' leaves nothin' 
    You gotta have somethin' if you wanna be with me 
    Nothin' from nothin' leaves nothin' 
    You gotta have somethin' if you wanna be with me

    I'm not tryin' to be your hero 
    'Cause that zero is too cold for me (Brr) 
    I'm not tryin' to be your highness 
    'Cause that minus is too low to see, yeah

    Nothin' from nothin' leaves nothin' 
    And I'm not stuffin', believe you me 
    Don't you remember I told ya 
    I'm a soldier in the war on poverty, yeah 
    Yes, I am

    Nothin' from nothin' leaves nothin' 
    You gotta have somethin' if you wanna be with me 
    Nothin' from nothin' leaves nothin' 
    You gotta have somethin' if you wanna be with me 
    That's right, ha, yeah

    Gotta have somethin' if you wanna be with me 
    You gotta bring me somethin' girl 
    If you wanna be with me.


    https://www.musixmatch.com/lyrics/Billy-Preston/Nothing-From-Nothing



    edited November 2023