tyushk

Beeper Mini does not make iMessage to iMessage even fractionally more secure, and since it is indeed faking credentials to get on the iMessage network, it is possibly a security issue, as Apple says it is.

Except that the security issue is Apple blindly trusting things that say they are a Mac to be a Mac. Seriously. That's the whole exploit. It says its a Mac, it logs in the same way you do with iCloud apps, and that's it. There's no exploit of real security here. It's vaulting over an artificial wall.

brianjo said:

Apple doesn't allow 3rd party apps to access SMS messages for good reason.  SMS is regularly used for 2 factor authentication. If apps could access SMS, rogue apps could then send those messages off to other servers. Not cool.

ANCS spec allows this to happen anyway, by any app on your iPhone.

This isn't an issue for android because your SMS handler is an app the user gives a special privilege. SMSs are then sent to that app without the knowledge of other apps, except for apps given the special privilege of reading push notifications (smartwatch, phone to PC sync, etc) by the user

9secondkox2 said:

tyushk said:

All it does is say to Apple "yeah I'm a Mac. Here's a serial number. Yeah it's my serial number and not randomly generated, trust me bro" and Apple blindly accepts that. From there, it uses the same security, the same encryption, and the same trust as a real iPhone or Mac. 

So… spoof then. 

And yes, spoofs are bad. It’s a hack. Tricking a system to gain access is a bypass of security and therefore a risk.  Not a good thing. 

“Oh gee officer, I didn’t steal that persons money, I just put in credentials that matched theirs and the online shopping store blindly accepted it.” 

The thing is what this is spoofing. All it does is spoof that it's a real Mac. No credentials or keyrings are spoofed. After it's been "proven" to be a real Mac, Apple doesn't care. It's an artificial wall.

9secondkox2 said:

Thankfully Apple matches this obsession - which is why we buy their products. 

They don't care about your security. They care about looking like they care about your security.

IMessage is walled off to non Apple users, not by enhanced encryption or 0 trust protocols, but by a green slip. That's the root of how these "hackers and spoofers" get iMessage to play nice; by forging the green slip.