[HN Gopher] iMessage, explained
___________________________________________________________________
iMessage, explained
Author : spoon16
Score : 355 points
Date : 2023-12-05 15:33 UTC (7 hours ago)
(HTM) web link (jjtech.dev)
(TXT) w3m dump (jjtech.dev)
| bgorman wrote:
| My prediction is that Apple will start to use attestation (device
| check) to lock down iMessage. The problem is that this would
| require a software update for older devices.
| ocdtrekkie wrote:
| Apple already provides security updates to all iOS devices made
| in the last 5ish years at least, so it would probably take a
| pretty trivial number of years for them to have an update
| deployed to nearly all iOS devices that see active use.
| gafage wrote:
| The iPhone 5s (released ten years ago) received an update
| earlier this year.
| uf00lme wrote:
| I think that is how BBM worked, but I could be wrong. I'd be
| surprised if it is part of the overarching OS security. Sounds
| like something that should be in their lockdown mode at the
| very least.
| kotaKat wrote:
| They already partially do.
|
| > Warning: In order to generate the "validation data", pieces
| of information about the device such as its serial number,
| model, and disk UUID are used. This means that not all
| validation data can be treated equivalently: just like with
| Hackintoshes, the account age and "score" determine if an
| invalid serial can be used, or if you get the "customer code"
| error.
|
| The "customer code" error is a prompt from Apple, basically an
| attestation failure -- you have to contact Apple Support to get
| your Apple ID unlocked once you've tripped the failure.
| Legitimate customers will breeze right through (eg, just
| approving your login from your legit device), but Hackintosh
| users use crafty means to fake their way through the
| process.[1]
|
| [1]https://old.reddit.com/r/hackintosh/comments/gij9rt/getting_
| ...
| blibble wrote:
| remote attestation would mean it's not possible to pull out
| the binary and run it externally
|
| you'd need the key from the TPM/secure enclave too, which is
| much much harder to extract
| whynot-123 wrote:
| I would like to point out how awesome it is that someone in high
| school is making this caliber of a post. I've thought at least a
| dozen times over the last 20 years how I would like to understand
| macOS internals, and this person is deconstructing it. well done!
| apetresc wrote:
| Fully agree, but you're even burying the lede here. He didn't
| just write the blog post, he wrote pypush itself.
| dbuxton wrote:
| Genuine question - can a topic really be `opertunistic` or is
| that author typo? I love these `referer`-type misspellings that
| become fossilized over generations
| projektfu wrote:
| The code doesn't seem to use it, but I think it would be a
| misspelling by the author, as it's probably an integer code.
| catlover76 wrote:
| I just got an iPhone for the first time, and it is a noticeably
| better device than my previous Android phones.
|
| One downside is that I can't use iMessage on my Windows and Linux
| computers. Will look into pypush
|
| Honestly, the iPhone is nudging me further to giving a
| Macbook/OSX a try one day, but the major blocker to me is the
| poor state of gaming on Macs.
| selykg wrote:
| Personally, the approach I took to this was just to game on
| consoles. In my personal experience, the upgrade cycle is far
| far better for me. I don't feel like I've missed anything as a
| result either.
| crossroadsguy wrote:
| Personally, for communication I never use a device platform
| specific/locked app/service. Maybe you could keep using the
| app(s) whatever you were.
| frizlab wrote:
| I'm curious, what do you use then?
| gumby wrote:
| There are lots of choices depending on your community and
| desired feature set: whatsapp, fb messenger, instagram
| messenger, telegram, signal, discord, or the direct
| messaging features of other programs like Slack.
|
| imessage is an outlier in that it also has a bidirectional
| link with SMS. I just read today that FB messenger used to
| have this (who knew?) but no longer does. My reading of the
| EU's complaint is that if imessage didn't have this feature
| they would not be in trouble since they'd be no different
| from the other services in being a silo. Weird!
| frizlab wrote:
| Unless I'm mistaken literally all of these services are
| locked down too, and few have E2E encryption... iMessage
| is indeed "Apple-only" but the rest is on "all" platforms
| only for purely economical reasons, as much as iMessage
| is on Apple platforms only for the same reason.
|
| At least iMessage falls back to SMS (soon RCS) when
| available, which is much more ubiquitous than the rest
| tbh...
|
| If you truly want to avoid a lock down you should host
| your own messaging solution.
| philsnow wrote:
| I don't know why you're getting downvoted, but I'll throw
| my hat in this ring as well:
|
| Some of those services require individual opt-in to turn
| on e2ee. Some of them don't support e2ee for group
| messaging. Of the services listed that do support e2ee, I
| have the most trust in Apple's (well, Signal's, but..)
| being "actually" [0] and "only" [1] end-to-end encrypted.
| The entire basis of that trust is the money they've spent
| positioning themselves in the market as a privacy-focused
| brand.
|
| Meta runs three of the listed services (whatsapp,
| facebook messenger, instagram), and their positioning is
| not exactly "privacy-focused". I haven't looked into
| Telegram much, but I would want to at least understand
| how they generate revenue before trusting them. Neither
| Discord nor Slack are what I would call privacy-focused.
| Signal is probably better than iMessage in terms of how
| much I trust their company, their clients, and their
| protocol, but its adoption is so vanishingly small among
| my friends that I stopped asking people if they used it.
|
| [0] I've seen services in the past [0a] that have tried
| to argue that as long as every link is encrypted from
| originating client through servers to destination client,
| or from originating client to destination server, then
| it's "end to end encrypted"
|
| [0a] https://news.ycombinator.com/item?id=21528437
|
| [1] that is, not only are message contents (and as much
| metadata as is feasible) encrypted such that the same
| ciphertext passes all the way through the system and the
| recipient's client can decrypt the ciphertext, but _also_
| 1. the intermediary service doesn't have a copy of the
| recipient's secret key and 2. the plaintext wasn't
| encrypted also to a public key belonging to the
| intermediary service or some other party.
|
| _edit_ This other comment
| https://news.ycombinator.com/item?id=38537444 talked
| sense into me -- Apple doesn't seem to have designed
| iMessage to keep up with the times, crypto-wise. There's
| a huge, aging installed base that admittedly gets updates
| more often than any other competitor in their space, but
| that still means that iMessage has to be able to talk to
| them. I guess this is similar to the deprecation of SSL
| 0.9 and TLS 1.0; browser vendors collectively decided to
| kill them when a low enough proportion of servers were
| using them, but I don't know if Apple would be willing to
| cut off the older devices to make things better for
| owners of newer ones.
| catlover76 wrote:
| > Maybe you could keep using the app(s) whatever you were.
|
| I was using Android Messages, which has a web app. The
| experience was mediocre because the web app had trouble
| connecting to my phone all the damn time.
|
| I text some people almost exclusively through Facebook
| Messenger, and I think the rest I will try to move from text
| to WhatsApp. Both Meta-owned, unfortunately, but those seem
| to be easy to use cross-device and almost everybody has them.
| outlawery wrote:
| If you're already using Thunderbird as mail client, you can
| integrate Google Messages add-on [1] into Thunderbird app
| which I have been using happily for over a year without
| much trouble (sans the incoming texts notification
| feature). Seemingly this add-on has all features akin to
| the Google Messages Android app.
|
| [1] https://addons.thunderbird.net/en-
| us/thunderbird/addon/googl...
| samtheprogram wrote:
| After my gaming computer started rebooting (probably needs a
| new power supply in order to hit peak power draw), I tried out
| my new M2 Pro for gaming again.
|
| I've been using Codeweavers Crossover to play games that are
| Windows only, and it's been surprisingly fine. I never fixed my
| gaming PC (for gaming, at least) and converted it to an at home
| server. It's been a couple months now. I just lent a friend my
| GPU.
|
| Epic Games doesn't seem to work, but you could always use
| Legendary for those titles -- I just don't have any titles on
| Epic that I want to play.
|
| I'm hoping in one of the future updates that Crossover can
| activate macOS Sonoma's Game Mode for the games running within
| Wine, because I assume it'll improve performance even more. I'm
| also having a bit of buyers remorse -- I didn't plan to use
| this for gaming, and now I'm wondering how much better an M2 or
| M3 Max would be for more demanding titles.
| catlover76 wrote:
| Ehh yeah the prospect of using such patching software doesn't
| appeal, and I don't want to run the risk that games work
| poorly or not at all even with that kind of fiddling (which
| is something I abhor about Linux, so why would I want it on
| my expensive and supposedly superior Macbook).
| philsnow wrote:
| Just want to throw out there that ~20 years ago I sometimes
| got better framerates in linux than windows on the same
| hardware for certain FPS games
| beretguy wrote:
| A much more major issue with Macs is planned obsolescence. It's
| the only reason I am not buying any Macs.
| bobchadwick wrote:
| My late-2013 MacBook Pro recently gave up the ghost. I'd used
| it daily in the ten years it worked. Are there other PC
| manufacturers who make laptops that are still useable after
| ten years?
| IntelMiner wrote:
| Both desktop and laptop computers have been perfectly
| serviceable for that long for a while now. Computers are
| "good enough" for the overwhelming majority of tasks most
| users (note, most _regular_ users, not the HN crowd) would
| throw at them
| eropple wrote:
| Desktops, I'd agree. My experience with most Windows
| laptops, non-Thinkpad class, is that they _physically_
| haven't been able to survive that long. Like, people rag
| rightly on the butterfly keyboard era of Macbook Pros,
| but until recently you'd see pretty drastic hinge or
| keyboard or touchpad or _case_ failures on even fairly
| expensive laptops. Especially as you get into more
| slimline/ultrabook form factors; I've seen some really
| bludgeoned Dells and HPs in particular. (Though I liked
| my Spectre x360 aside from the part where it fell apart
| in normal everyday use.)
|
| I recently took a 2012 rMBP out of rotation (~five years
| dedicated use, the last five intermittently as a Logic
| Pro workstation) and now it's a Kubernetes homelab node.
| But I took it out because Thunderbolt 3 now means I can
| just slot my M1 Max into my workspace and don't need a
| dedicated box; the keyboard, touchpad, hinge, screen, and
| case are all pristine, I didn't remove it due to hardware
| expiry.
| smallerfish wrote:
| I mean if we're playing anecdata, my spouse has been
| through 4 mac laptops in the same period, which have given
| up the ghost in various different ways.
| dmz73 wrote:
| Apple hardware is mediocre at best. 2020 MacBook Air with
| i5 is unbearably slow. I have Samsung ATIV 700T with i5
| from 2014 and it feels much faster than 2020 i5 MacBook.
| You can now say that it is the problem with Intel and that
| M1-2-3 are so much better but I have some Intel i7 laptops
| from 2016 and 2021 and they also blow Intel Mac away in
| speed and reliability and are comparable in speed with M2
| that is sitting next to 2020 Mac. 2 other older MacBooks
| are falling apart (2009 and G4) whereas even older Dells and
| comparable HPs are still feeling robust...and are used more
| than decrepit Apple hardware.
| kube-system wrote:
| And traditional PC makers have a problem with unplanned
| obsolescence. A lot of consumer hardware does not receive
| updates from the manufacturer after the device is off
| shelves.
| overgard wrote:
| My 2013 MacBook lasted 9 years (I'd still be using it if the
| battery connector wasn't shot.) In my experience Macs last a
| lot longer than my equivalent PCs, although w/ an initial
| premium of course.
| matwood wrote:
| But the internet keeps saying the iPhone is just marketing. /s
|
| I've developed for and used both, and I've settled on iPhones
| for the last few generations. Though, I think flagship devices
| of either are fine nowadays. The 'slab of glass' phone is
| basically a solved problem at this point.
| vips7L wrote:
| Windows Phone Link does support iMessage now.
| catlover76 wrote:
| surprisedpikachu.gif
|
| edit: just set it up and gave it a test--seems to work pretty
| well!
| tech234a wrote:
| I don't believe they actually did any reverse engineering
| for Windows Phone Link. iOS makes SMS/iMessages available
| over Bluetooth as part of its support for the Message
| Access Profile [1], intended for sending messages using a
| car infotainment system. This requires a physical iOS
| device to be located in proximity of the Windows device.
|
| [1]: https://support.apple.com/en-us/102842
| josefresco wrote:
| It works... "ok" but doesn't handle group messages. I find
| sometimes it just doesn't connect. They do post frequent
| updates though so there's clearly an active team managing
| the app.
|
| I love being able to easily send URLs and other copy+paste
| items to my iMessage contacts from Windows!
| ChrisMarshallNY wrote:
| Not sure if that will ever improve.
|
| I don't really use the Mac for gaming.
|
| However, Apple Silicon may change the landscape
| benoror wrote:
| More on this: https://news.ycombinator.com/item?id=38531759
| lxe wrote:
| This is phenomenal work. You should write a little on how you got
| into this whole field. There are high school and college kids all
| over reddit struggling how to excel at technical stuff, learn
| programming, get a job in tech, and I feel like they can really
| benefit from your perspective.
| tomashubelbauer wrote:
| I don't disagree with what you say, but I would be surprised if
| it was any sort of secret sauce and not "just" an incredible
| amount of grinding, the seemingly zero-cost energy reservoir
| you can tap into as a young adult if you really like what
| you're doing and possibly an enlightened parent or a role
| model.
| terminous wrote:
| > possibly an enlightened parent or a role model
|
| This is typically the 'secret sauce'.
| bexsella wrote:
| I was once asked how I got to where I am, where others in
| my situation might not have, my response was: "Parents that
| gave a damn". It wasn't about pressuring me, it was about
| recognising my interest in computers, and fostering that
| interest as much as was financially possible given our
| circumstances (which were often dire). My parents aren't
| technical, but they did what they could, and I wouldn't be
| the engineer I am without that.
| drekipus wrote:
| I grew up with a foster mother that actively "suppressed"
| what I did on the computer, banning me for a month if I
| didn't get changed immediately after school.
|
| Now I've become a senior engineer, but I'm kinda shoddy
| at it, chaotic good in solving problems, but issues with
| authority and process.
|
| Who knows, maybe I would've become a "run of the mill"
| engineer if she helped.
| moxious wrote:
| "just" is doing a lot of work in this construction.
| Regardless what a person's constellation of privileges is, it
| always takes an incredible amount of grinding and that's
| pretty damn cool / laudable / praiseworthy all by itself.
|
| The secret sauce has never been secret
| tomashubelbauer wrote:
| That's my point.
| lxe wrote:
| It's not grinding though. My highschool years were also super
| productive when it came to programming-related things, while
| I have seen most of my peers, aside from select few, really
| struggle despite their willingness. So maybe there is some
| secret sauce that can help others to get good at this. Maybe
| it's a mindset or attitude, etc...
| tomashubelbauer wrote:
| I don't know. I definitely did grind programming a lot as a
| teenager and for a few years as a young adult. But the
| grinding was effortless to me. It was as if this type of
| activity was replenishing my energy reserves instead of
| making me tired. I rarely needed to take breaks and indeed
| frequently forgot to eat or sleep when deep in my sessions.
| So it wasn't a struggle at all, but it was still a grind I
| would say. Or maybe I am misunderstanding the word and it
| would be better to say it was a lot of time spent, at the
| very least.
|
| I don't think anyone can do this, I think you need to have
| that connection with programming where it is harder to resist
| it than it is to do the work. But it doesn't mean people
| like the author of the article have a secret sauce and them
| recounting their experience to their peers to inspire them
| isn't worth much to them as a result I would expect. It's
| the "draw the rest of the fucking owl" type of thing I
| think.
|
| BTW I don't mean to say I was a super duper genius as a
| teenager for whom programming was like breathing. I refused
| to study anything, I only enjoyed discovering things myself
| and I had no direction in my programming knowledge
| collection at all. A more disciplined person would have
| beaten me easily, and many have. Despite the ease with
| which programming came to me I didn't do that much
| productive stuff. I was mostly just having immense amounts
| of fun and joy. I do feel a bit sad sometimes about not
| getting a bigger edge now, but realistically, when push
| comes to shove, I wouldn't change it anyway.
| geospatialover wrote:
| the fact that you're in high school is incredible. keep it up!
| phero_cnstrcts wrote:
| Not many make it that far!
| xg15 wrote:
| > _When making an IDS registration request, a binary blob called
| "validation data" is required. This is essentially Apple's
| verification mechanism to make sure that non-Apple devices cannot
| use iMessage._
|
| I wonder, will this be in violation of the EU's DSA and/or DMA
| once they are in force?
| Longhanks wrote:
| DSA and DMA do not magically grant you the permission to do
| whatever you want with Apple's servers, nor do they force Apple
| into having to serve any particular valid response to the
| requests you make.
|
| In whatever way Apple is going to comply with DSA and DMA, this
| ain't it.
| xg15 wrote:
| I don't know the legal text, but improving interop
| specifically between messaging services seems to be a goal of
| the DMA, according to the EU parliament [1]:
|
| > _Interoperability between messaging platforms will improve
| - users of small or big platforms will be able to exchange
| messages, send files or make video calls across messaging
| apps._
|
| Lock-in mechanisms like the above would at least run counter
| to that goal.
|
| I also think that enforcing device restrictions on a
| messaging service is more problematic than on some random
| API: Messengers are subject to the network effect and usually
| you can't freely choose which messenger you want to use - it
| depends on which one the people you want to talk with are on.
|
| In an extreme case, some person or business could choose to
| exclusively communicate using iMessage. Then you'd have to
| buy an iPhone just to be able to reach them. This seems like
| exactly the kind of interop problem the EU is concerned
| about.
|
| [1] https://www.europarl.europa.eu/news/en/headlines/society/
| 202...
| turquoisevar wrote:
| European regulations work on a policy level not on a
| technical level.
|
| In other words, Apple having technical limitations isn't
| illegal per se, Apple refusing to facilitate
| interoperability might be illegal (although future RCS
| adoption will meet the requirements).
|
| The above assumes that iMessage meets the regulations
| threshold, which it currently doesn't according to Apple
| based on user numbers, but that's a different debate.
| cqqxo4zV46cp wrote:
| Especially now that iOS is getting RCS. First-party cross-
| platform iMessage is nothing more than a nerd's pipe-dream.
|
| And I'm completely fine with that.
| bentt wrote:
| OMG I love this. Go get em! Also, this is perfect material for
| Hack Club. You should join! https://hackclub.com/
| cynicalsecurity wrote:
| > In order to generate the "validation data", pieces of
| information about the device such as its serial number, model,
| and disk UUID are used.
|
| Sadly, this is a clear sign the project is going to stop working
| eventually. At some point, Apple is simply going to pull the
| plug.
|
| I remember doing similar tricks when I was a kid. Nowadays I
| simply won't even care trying. The problem clearly isn't supposed
| to be solved this way. I'm not even sure if it's a good exercise
| in programming either. Software development is about doing the
| things the right way, not exercising in futility.
|
| A better experience would be writing your own message delivery
| solution, superior to iMessage.
| jowea wrote:
| I get it and it may be true in this case that Apple can too
| easily pull the plug, adversarial interoperability has a long
| history: https://www.eff.org/deeplinks/2019/06/adversarial-
| interopera...
| ianlevesque wrote:
| The messaging space also had the amazing Adium client during
| the last round of messaging wars, and less amazing Trillian
| as reverse engineered clients distributed or sold. I for one
| am excited to see this space heating back up.
| selykg wrote:
| Trillian used to be amazing. It is up there in my memory as
| about as life changing as Winamp was for me personally.
| joshmanders wrote:
| I remember being jealous I couldn't use Trillian because
| I didn't have a way to pay for it. Running AIM, ICQ and
| MSN all at the same time.
| selykg wrote:
| Ah man, it was glorious. I was really just in awe at how
| I could talk to all my various friends in one app,
| regardless of which platform they were on. Such a great
| app. I recently went to the webpage for the app and see
| it's sort of a shell of its former self and is some sort
| of business tool now. Kind of a bummer, but such fond
| memories of how amazing it was back in the peak of the
| various instant messaging tools, before unlimited text
| messaging was an affordable option.
| panzi wrote:
| And Miranda and Kopete and more. Might have used them all
| at some point.
| dinobones wrote:
| "I remember doing similar tricks when I was a kid. Nowadays I
| simply won't even care trying. The problem clearly isn't
| supposed to be solved this way."
|
| This level of snark is undeserved, and a subtle amount of
| bitterness/jealousy leaks through.
|
| Even if this stops working, this was a fantastic exercise to
| learn and practice reverse engineering.
|
| "The problem clearly isn't supposed to be solved this way." No
| duh, there is no public iMessage API and not even the EU can
| make that happen. There is nothing wrong with *hacking* a
| solution to a problem.
|
| "Software development is about doing the things the right way,
| not exercising in futility." LOL what? Okay thanks Agent Smith,
| have fun at your BigCo job installing Norton antivirus and
| pinging me about updating my laptop every 2 weeks.
| nrb wrote:
| > Even if this stops working, this was a fantastic exercise
| to learn and practice reverse engineering.
|
| I agree in principle, but I'd try to avoid running afoul of
| the Computer Fraud and Abuse Act against one of the most
| deep-pocketed legal teams in the history of capitalism.
|
| Extremely impressive work, but whether it's worth the
| potential risk is another story, personally speaking.
| zer0zzz wrote:
| I think the engineering on this project is a great step
| forward, I am not a lawyer but I think it's possibly actually
| _especially_ a step forward if Apple pulls the plug on this
| because it will add that much more ammunition to the case
| regulators have against Apple using their services as
| gatekeepers.
| wizerdrobe wrote:
| > "I remember doing similar tricks when I was a kid. Nowadays
| I simply won't even care trying. The problem clearly isn't
| supposed to be solved this way."
|
| For some, being a hacker is a fashion and a phase. Much like
| being a punk.
| mrpippy wrote:
| To me, the more concerning paragraph is the next one:
|
| > Note: The binary that generates this "validation data" is
| highly obfuscated. pypush sidesteps this issue by using a
| custom mach-o loader and the Unicorn Engine to emulate an
| obfuscated binary. pypush also bundles device properties such
| as the serial number in a file called data.plist, which it
| feeds to the emulated binary.
|
| The binary being emulated was extracted from an old macOS
| version and is hosted on GitHub:
| https://github.com/JJTech0130/nacserver. Apple obviously holds
| the copyright on this binary, and issuing a takedown would be
| the easiest way to sink this project. I wonder if the Beeper
| Android app also includes the file, that would be legally
| problematic.
| haswell wrote:
| > _Software development is about doing the things the right
| way, not exercising in futility._
|
| I strongly disagree on the first point, and mostly disagree on
| the second. The first point is antithetical to the hacker
| mindset.
|
| Software development is about solving problems using computers
| and code. Some of the most interesting and impactful work I've
| done involved doing things the "wrong" way as a way to get
| people's attention. Some of these prototypes raise awareness.
| Some of them become the precursor to a project that does things
| "right". And sometimes, just getting something to work is the
| only thing that really matters.
|
| Software development is also about trying things and seeing
| what works for the sake of learning about it. I've written tons
| of code that never made it to production, but the act of
| writing it taught me so much that the time was well spent.
|
| > _A better experience would be writing your own message
| delivery solution, superior to iMessage._
|
| This completely misses the point. People don't want a better
| experience. They just want to use iMessage on Android. They
| want to be part of the blue bubble group chats.
|
| Building a new "superior" solution just creates another
| iteration of the current problem and solves nothing.
| vinniepukh wrote:
| wow, haven't read something this off-base in a while
| curt15 wrote:
| >I'm not even sure if it's a good exercise in programming
| either. Software development is about doing the things the
| right way, not exercising in futility.
|
| Reverse engineering is a valuable art that can't be learned
| just from a canonical reference for "the right way". It
| cultivates the same skills used in debugging.
| hn_throwaway_99 wrote:
| > I remember doing similar tricks when I was a kid. Nowadays I
| simply won't even care trying. The problem clearly isn't
| supposed to be solved this way.
|
| Not to be too harsh (maybe to be somewhat harsh given I had
| such a distaste for what you wrote?), but why would you post
| this on a site called _Hacker_ News? I can't think of a
| _better_ implementation of the "hacker ethos" than this
| project: look at a hard problem, and when the "straightforward"
| approach doesn't work, find a workaround.
|
| More to your specific point about "Apple is simply going to
| pull the plug", there are technical and business reasons why
| they might not want to, at least not quickly. First, as
| mentioned in the other Beeper thread, there are lots of older
| Mac devices without a secure enclave, and breaking Beeper would
| likely break them as well. Second, from a business and
| regulatory perspective, Apple might have to do a careful dance
| regarding how to shut this down without looking blatantly anti-
| competitive.
| jamesdepp wrote:
| pypush, the open source project behind today's developments in
| the iMessage reversing news, is licensed under MongoDB's Server
| Side Public License and owned by Beeper (JJTech sold the rights
| to Beeper, per discord). Although this library is fantastic, I do
| think that the extremely copyleft license could have implications
| on where we see this used.
| wmf wrote:
| Time for some reverse reverse engineering.
| dinobones wrote:
| Reverse engineering iMessage has been touted as some holy grail
| meme for what... 10+ years now?
|
| So proud that a high school student was the one to finally figure
| it out.
|
| In a world of 100s of thousands of software engineers,
| "Cybersecurity professionals", and so on.
|
| A kid with almost no credentials out-innovates everyone because
| they have talent and focus. Literally _Hacker_ News! My favorite
| kind of news.
| Thoreandan wrote:
| So... anyone gonna make a libpurple plug-in?
| maqp wrote:
| Gonna repeat myself since iMessage hasn't improved one bit after
| four years. I also added some edits since attacks and Signal have
| improved.
|
| iMessage has several problems:
|
| 1. iMessage uses RSA instead of Diffie-Hellman. This means there
| is no forward secrecy. If the endpoint is compromised at any
| point, it allows the adversary who has
|
| a) been collecting messages in transit from the backbone, or
|
| b) in cases where clients talk to server over forward secret
| connection, who has been collecting messages from the IM server
|
| to retroactively decrypt all messages encrypted with the
| corresponding RSA private key. With iMessage the RSA key lasts
| practically forever, so one key can decrypt years worth of
| communication.
|
| I've often heard people say "you're wrong, iMessage uses unique
| per-message key and AES which is unbreakable!" Both of these are
| true, but the unique AES-key is delivered right next to the
| message, encrypted with the public RSA-key. It's like transport
| of safe where the key to that safe sits in a glass box that's
| strapped against the safe.
|
| 2. The RSA key strength is only 1280 bits. This is dangerously
| close to what has been publicly broken. On Feb 28 2023, Boudot
| et al. broke an 829-bit key.
|
| To compare these key sizes, we use
| https://www.keylength.com/en/2/
|
| 1280-bit RSA key has 79 bits of symmetric security. 829-bit RSA
| key has ~68 bits of symmetric security. So compared to what has
| publicly been broken, iMessage RSA key is only 11 bits, or, 2048
| times stronger.
|
| The same site estimates that in an optimistic scenario,
| intelligence agencies can only factor about 1507-bit RSA keys in
| 2024. The conservative (security-conscious) estimate assumes they
| can break 1708-bit RSA keys at the moment.
|
| (Sidenote: Even the optimistic scenario is very close to 1536-bit
| DH-keys OTR-plugin uses, you might want to switch to OMEMO/Signal
| protocol ASAP).
|
| Under e.g. keylength.com, no recommendation suggests using
| anything less than 2048 bits for RSA or classical Diffie-Hellman.
| iMessage is badly, badly outdated in this respect.
|
| 3. iMessage uses digital signatures instead of MACs. This means
| that each sender of message generates irrefutable proof that
| they, and only they, could have authored the message. The standard
| practice since 2004 when OTR was released, has been to use
| Message Authentication Codes (MACs) that provide deniability by
| using a symmetric secret, shared over Diffie-Hellman.
|
| This means that Alice who talks to Bob can be sure received
| messages came from Bob, because she knows it wasn't her. But it
| also means she can't show the message from Bob to a third party
| and prove Bob wrote it, because she also has the symmetric key
| that in addition to verifying the message, could have been used
| to sign it. So Bob can deny he wrote the message.
|
| Now, this most likely does not mean anything in court, but that
| is no reason not to use best practices, always.
|
| 4. The digital signature algorithm is ECDSA, based on NIST P-256
| curve, which according to https://safecurves.cr.yp.to/ is not
| cryptographically safe. Most notably, it is not fully rigid, but
| manipulable: "the coefficients of the curve have been generated
| by hashing the unexplained seed c49d3608 86e70493 6a6678e1
| 139d26b7 819f7e90".
|
| 5. iMessage is proprietary: You can't be sure it doesn't contain
| a backdoor that allows retrieval of messages or private keys with
| some secret control packet from Apple server.
|
| 6. iMessage allows undetectable man-in-the-middle attack. Even if
| we assume there is no backdoor that allows private key /
| plaintext retrieval from endpoint, it's impossible to ensure the
| communication is secure. Yes, the private key never leaves the
| device, but if you encrypt the message with a wrong public key
| (that you by definition need to receive over the Internet), you
| might be encrypting messages to wrong party.
|
| You can NOT verify this by e.g. sitting on a park bench with your
| buddy, and seeing that they receive the message seemingly
| immediately. It's not like the attack requires that some NSA
| agent hears their eavesdropping phone 1 beep, and once they have
| read the message, they type it to eavesdropping phone 2 that then
| forwards the message to the recipient. The attack can be
| trivially automated, and is instantaneous.
|
| So with iMessage the problem is, Apple chooses the public key for
| you. It sends it to your device and says: "Hey Alice, this is
| Bob's public key. If you send a message encrypted with this
| public key, only Bob can read it. Pinky promise!"
|
| Proper messaging applications use what are called public key
| fingerprints that allow you to verify off-band, that the messages
| your phone outputs, are end-to-end encrypted with the correct
| public key, i.e. the one that matches the private key of your
| buddy's device.
|
| 7. iMessage allows undetectable key insertion attacks.
|
| When your buddy buys a new iDevice like a laptop, they can use
| iMessage on that device. You won't get a notification about this,
| but what happens in the background is, that new device of your
| buddy generates an RSA key pair, and sends the public part to
| Apple's key management server. Apple will then forward the public
| key to your device, and when you send a message to that buddy,
| your device will first encrypt the message with the AES key, and
| it will then encrypt the AES key with public RSA key of each
| device of your buddy. The encrypted message and the encrypted
| AES-keys are then passed to Apple's message server where they sit
| until the buddy fetches new messages for some device.
|
| Like I said, you will never get a notification like "Hey Alice,
| looks like Bob has a brand new cool laptop, I'm adding the
| iMessage public keys for it so they can read iMessages you send
| them from that device too".
|
| This means that the government who issues a FISA court national
| security request (stronger form of NSL), or any attacker who
| hacks iMessage key management server, or any attacker that breaks
| the TLS-connection between you and the key management server, can
| send your device a packet that contains RSA-public key of the
| attacker, and claim that it belongs to some iDevice Bob has.
|
| You could possibly detect this by asking Bob how many iDevices
| they have, and by stripping down TLS from iMessage and seeing how
| many encrypted AES-keys are being output. But it's also possible
| Apple can remove keys from your device too to keep iMessage
| snappy: they can very possibly replace keys in your device. Even
| if they can't do that, they can wait until your buddy buys a new
| iDevice, and only then perform the man-in-the-middle attack
| against that key.
|
| To sum it up, like Matthew Green said[1]: "Fundamentally the
| mantra of iMessage is "keep it simple, stupid". It's not really
| designed to be an encryption system as much as it is a text
| message system that happens to include encryption."
|
| Apple has great security design in many parts of its ecosystem.
| However, iMessage is EXTREMELY bad design, and should not be used
| under any circumstances that require verifiable privacy.
|
| In comparison, Signal
|
| * Uses Diffie Hellman + Kyber, not RSA
|
| * Uses Curve25519 that is a safe curve with 128-bits of symmetric
| security, not 79 bits like iMessage.
|
| * Uses Kyber key exchange for post quantum security
|
| * Uses MACs instead of digital signatures
|
| * Is not just free and open source software, but has reproducible
| builds so you can be sure your binary matches the source code
|
| * Features public key fingerprints (called safety numbers) that
| allows verification that there is no MITM attack taking place
|
| * Does not allow key insertion attacks under any circumstances:
| You always get a notification that the encryption key changed. If
| you've verified the safety numbers and marked the safety numbers
| "verified", you won't even be able to accidentally use the
| inserted key without manually approving the new keys.
|
| So do yourself a favor and switch to Signal ASAP.
|
| [1] https://blog.cryptographyengineering.com/2015/09/09/lets-
| tal...
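An added example, not part of the comment above and not iMessage or Signal code: a minimal client-side pin store showing the fingerprint comparison and key-change notification that points 6 and 7 say iMessage lacks. The class and function names and the sample key bytes are assumptions constructed for illustration.

```python
import hashlib
from dataclasses import dataclass, field

def fingerprint(pubkey: bytes) -> str:
    """Human-comparable fingerprint: first 128 bits of SHA-256, in groups of 4 hex digits."""
    digest = hashlib.sha256(pubkey).hexdigest()
    return " ".join(digest[i:i + 4] for i in range(0, 32, 4))

@dataclass
class PinStore:
    """Remembers which device keys the user has approved for each contact."""
    pinned: dict = field(default_factory=dict)  # contact -> set of fingerprints

    def check(self, contact: str, served_keys: list) -> dict:
        """Compare the key list served by the key directory against the pins."""
        served = {fingerprint(k) for k in served_keys}
        known = self.pinned.get(contact)
        if known is None:  # first contact: trust on first use, then pin
            self.pinned[contact] = set(served)
            return {"status": "first_use", "added": sorted(served), "removed": []}
        added, removed = served - known, known - served
        status = "changed" if (added or removed) else "unchanged"
        # Pins are NOT updated here: a change must be surfaced to the user.
        return {"status": status, "added": sorted(added), "removed": sorted(removed)}

    def recipients(self, contact: str, served_keys: list) -> list:
        """Only already-approved keys may receive the wrapped per-message AES key."""
        known = self.pinned.get(contact, set())
        return [k for k in served_keys if fingerprint(k) in known]

    def approve(self, contact: str, pubkey: bytes) -> None:
        """Call after the user compared the fingerprint with the contact out of band."""
        self.pinned.setdefault(contact, set()).add(fingerprint(pubkey))

# Constructed sample keys (placeholder byte strings, not real RSA keys).
BOB_PHONE = b"constructed-key:bob-phone"
BOB_LAPTOP = b"constructed-key:bob-laptop"
UNKNOWN = b"constructed-key:unannounced-device"

def demo() -> dict:
    store = PinStore()
    store.check("bob", [BOB_PHONE, BOB_LAPTOP])   # first use pins two devices
    served = [BOB_PHONE, BOB_LAPTOP, UNKNOWN]     # directory now serves a third key
    report = store.check("bob", served)
    report["encrypt_to"] = store.recipients("bob", served)
    return report

if __name__ == "__main__":
    print(demo())
```

The unannounced key is reported under `added` and excluded from `encrypt_to` until `approve` is called for it.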
| astrange wrote:
| > 7. iMessage allows undetectable key insertion attacks.
|
| https://security.apple.com/blog/imessage-contact-key-verific...
| edweis wrote:
| More and more often, I see titles that are not capitalized.
|
| Is it a new trend?
| ChrisMarshallNY wrote:
| I just got done adding APNs to one of my dashboard apps.
|
| It's a wicked pain in the butt, but I finally got it. The
| trickiest part was the backend server, which I implemented in ...
| _gasp_ PHP. I didn't want to load in a whole SaaS, in order to
| do a very simple push notification, so I had to learn to do it
| from scratch.
|
| In the process, I learned that there's quite a bit of wrong
| information out there, and the Apple docs ... leave something to
| be desired.
|
| But it works, and the code is actually wicked simple.
|
| That said, I don't plan to leverage it much. I'm actually glad
| that it's a pain, because I don't want every spammer on Earth,
| pushing ads to my phone. One of the takeaways from the
| experience, is that it is quite clear that Apple knows where
| every one of its devices are, and only an idiot would steal them.
| devaiops9001 wrote:
| iPhone users can use Signal app or https://SimpleX.chat if they
| want to chat with me. If a woman actually wants to go on a date
| with you she'll be available on Signal, otherwise take the f**ing
| hint: she's just not that into you.
|
| SMS and iMessage are both prole tier.
| local_crmdgeon wrote:
| What
___________________________________________________________________
(page generated 2023-12-05 23:00 UTC)