tyushk

9secondkox2 said:

tyushk said:

All it does is say to Apple "yeah I'm a Mac. Here's a serial number. Yeah it's my serial number and not randomly generated, trust me bro" and Apple blindly accepts that. From there, it uses the same security, the same encryption, and the same trust as a real iPhone or Mac. 

So… spoof then. 

And yes, spoofs are bad. It’s a hack. Tricking a system to gain access is a bypass of security and therefore a risk.  Not a good thing. 

“Oh gee officer, I didn’t steal that persons money, I just put in credentials that matched theirs and the online shopping store blindly accepted it.” 

The thing is what this is spoofing. All it does is spoof that it's a real Mac. No credentials or keyrings are spoofed. After it's been "proven" to be a real Mac, Apple doesn't care. It's an artificial wall.

Beeper Mini does not make iMessage to iMessage even fractionally more secure, and since it is indeed faking credentials to get on the iMessage network, it is possibly a security issue, as Apple says it is.

Except that the security issue is Apple blindly trusting things that say they are a Mac to be a Mac. Seriously. That's the whole exploit. It says its a Mac, it logs in the same way you do with iCloud apps, and that's it. There's no exploit of real security here. It's vaulting over an artificial wall.

brianjo said:

Apple doesn't allow 3rd party apps to access SMS messages for good reason.  SMS is regularly used for 2 factor authentication. If apps could access SMS, rogue apps could then send those messages off to other servers. Not cool.

ANCS spec allows this to happen anyway, by any app on your iPhone.

This isn't an issue for android because your SMS handler is an app the user gives a special privilege. SMSs are then sent to that app without the knowledge of other apps, except for apps given the special privilege of reading push notifications (smartwatch, phone to PC sync, etc) by the user

9secondkox2 said:

Beeper Mini's approach. is traditionally called a spoof. And that's one of the oldest shady hacker tricks out there. It's. not good. thing. It's a security risk. A hack. 

God, I hate it when people just parrot what an article says. You know the source code for the "exploit" Beeper Mini uses is public right?

You can investigate this spoof for yourself. All it does is say to Apple "yeah I'm a Mac. Here's a serial number. Yeah it's my serial number and not randomly generated, trust me bro" and Apple blindly accepts that. From there, it uses the same security, the same encryption, and the same trust as a real iPhone or Mac. 

Spoofs are everywhere. You computer spoofs being an 8086 until your boot loader says it's okay to drop the act. Spoofs are not inherently bad or evil, or a security risk.