
Apple iMessage Privacy and Security Hole

It all started with the screams of a colleague who found, on his own phone, SOMEONE ELSE'S REPLIES to his wife's messages.

Unlike Apple, I will still try to respect everyone's privacy here, so instead I will retell a story from Gizmodo that sheds light on the enormity of the vulnerability. The story is simple: a kind mother took her son's phone to the Apple Store to have something checked while he was at an ordinary secondary school. When she got back, she dutifully put the phone back where it belonged. Imagine the son's surprise when he discovered that, from that moment on, the phone had become a portal into the private life of a man he did not know, with all the juicy details. Messages arrived from people who were strangers to him, along with replies to those messages, supposedly from the phone's owner. I'm sure it was interesting. We can only guess how the Gizmodo story ended, but the mother was clearly not pleased. Why it did not end with a lawsuit against Apple, I do not know.


Officially, Apple does not consider this a bug; it turned out to be a feature.

It turned out that when iMessage is authorized by phone number (SIM), it reads the number once, during registration on the server, after which the SIM can safely be removed and inserted into another phone. From then on, iMessage is identical on both devices. If you have a lot of time and phones, you can create a whole chorus of devices. And, of course, none of them indicates in any way that “wiretapping” is going on somewhere. How do you like that?

The story has been going on since the beginning of the year, but somehow not much was heard about it, at least until it affected my colleague. Think about it: have you ever inserted your SIM card into someone else's iPhone or iPad?

You can fix this as follows. Log in to the Apple portal, click the “edit products” button, then click the cross to the right of the name of the device to which iMessage is bound. After you select “unregister”, the binding of the service to that specific number and device is removed. Reportedly, switching iMessage off and on again on the device itself also helps: the device then makes another attempt to read the SIM card and, if it does not find one, the binding is removed.
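A simplified model of the binding behaviour and of the off/on re-check described above, added here as an illustration; it is not Apple's protocol or code from the original post. All class and method names are hypothetical, and the phone number is a constructed sample.

```python
# Simplified model, not Apple's protocol; all names are hypothetical.
class Device:
    def __init__(self, name):
        self.name = name
        self.sim = None          # phone number of the inserted SIM, or None
        self.inbox = []

class Registry:
    """Server side: maps a phone number to the devices registered for it."""
    def __init__(self):
        self.bindings = {}       # number -> list of Device

    def register(self, device):
        # The number is read from the SIM once, at registration time.
        if device.sim is None:
            raise ValueError("no SIM present")
        devices = self.bindings.setdefault(device.sim, [])
        if device not in devices:
            devices.append(device)

    def deliver(self, number, text):
        # Every bound device gets a copy; SIM presence is not re-checked.
        for device in self.bindings.get(number, []):
            device.inbox.append(text)

    def audit(self, number):
        # Detection: more than one device bound to a number deserves a look.
        return [d.name for d in self.bindings.get(number, [])]

    def reverify(self, device):
        # Modelled on the off/on toggle: re-read the SIM and drop any
        # binding whose number is no longer present in the device.
        for number, devices in self.bindings.items():
            if device in devices and device.sim != number:
                devices.remove(device)

def demo():
    number = "+10000000000"      # constructed sample number
    own, borrowed = Device("own-phone"), Device("borrowed-phone")
    registry = Registry()
    borrowed.sim = number        # SIM briefly inserted into another phone
    registry.register(borrowed)
    borrowed.sim = None          # SIM removed again
    own.sim = number
    registry.register(own)
    registry.deliver(number, "msg 1")
    bound_before = registry.audit(number)
    registry.reverify(borrowed)  # toggle on the borrowed phone
    registry.deliver(number, "msg 2")
    return bound_before, registry.audit(number), borrowed.inbox, own.inbox
```

In the model, the borrowed phone keeps receiving copies until the re-check runs, and the audit list is the only place where the extra binding is visible.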

Source: https://habr.com/ru/post/147672/

