What was all that about a scary iMessage flaw? Your three-minute guide

– On Sunday, we were warned that hackers could read our iMessages texts, photos and videos. Should I be worried? As it turns out: no. If you're even a little curious about cryptography and secure programming, though, it should interest and amuse you. On Sunday, the Washington Post learned that Apple had fixed a flaw in the …

  1. David Knapman

    In the usual cast of characters, Eve is usually a passive eavesdropper. For someone who takes active steps to modify the message, you'd usually be looking for Mallory.

    1. Bloakey1
      Coat

      <snip>

      "you'd usually be looking for Mallory."

      But as everybody knows, Mallory is on ice!

    2. DropBear
      Joke

      Nice writeup, but Gompie told me he's got a question: "who the f### is Alice?"

    3. diodesign (Written by Reg staff) Silver badge

      Re: David Knapman

      "In the usual cast of characters, Eve is usually a passive eavesdropper. For someone who takes active steps to modify the message, you'd usually be looking for Mallory."

      Yeah, well, Eve's stepped up her game.

      C.

  2. This post has been deleted by its author

  3. JeffyPoooh
    Pint

    You've studied the iMessage vault. Did you notice that an entire wall is missing?

    Imagine that Apple's iMessage is perfectly secure and private. Yay!

    But then, just as you're sending a very sensitive message, the wi-fi connection drops, and there's no 3G or LTE end-to-end data connection immediately available. So your iPhone's iMessage app happily sends the message by SMS (indicated by the green bubbles). Oops.

    This happens often in our household, but YMMV.

    The carrier air link may be (now considered 'weakly', formerly considered "impenetrable" LOL) encrypted, but the message needs to be passed to another carrier. Plenty of opportunity for review along the way.

    So, after you're released on parole, you double-check the settings to ensure that this "never happens again..." Then Apple updates the iOS and/or iMessage app for the Nth time, and the settings go back to their defaults.

    Another five years of porridge.

    1. imanidiot Silver badge
      Coat

      Re: You've studied the iMessage vault. Did you notice that an entire wall is missing?

      That would be 10 more. Repeat offender and all that.

    2. Anonymous Coward

      Re: You've studied the iMessage vault. Did you notice that an entire wall is missing?

      So you're saying the "send as SMS" option that prevents this is getting reset by iOS updates? Or is this just a hypothetical thing to be worried about just so you can claim Apple has an "entire wall" missing?

      It is optional, if you care about that much you change the option. Nothing to see here, except another Apple hater.

      1. Mark 65

        Re: You've studied the iMessage vault. Did you notice that an entire wall is missing?

        My iMessaging recently turned itself off completely, in settings, for no apparent reason and fell back to SMS. Had to re-enable it and re-enter Apple ID details. PITA.

  4. theOtherJT Silver badge

    "Eve must also have a bunch of domains that can serve mangled iCloud.com URLs."

    If she's got herself a malicious access point that Bob here is attached to, and a server capable of masquerading as one of Apple's, wouldn't she be better off just hijacking all DNS requests to iCloud.com, or have I missed something?

  5. allthecoolshortnamesweretaken

    But Bob is an idiot anyway:

    http://www.theregister.co.uk/2016/03/07/verity_alice_bob_and_verity_too/

  6. Cuddles

    Never underestimate stupidity

    "who probably aren't using iMessages for anything incriminating anyway."

    They almost certainly are (assuming they use an iPhone). Politicians, CEOs, and so on are constantly using personal email and phone accounts for business, criminals happily boast about and post pictures of their exploits on Facebook, and so on. This might not be the most practical attack around, but having access to the iMessages sent by someone you want to spy on would almost certainly give you useful information.

    1. Anonymous Coward

      Re: Never underestimate stupidity

      Politicians and CEOs also use Android, and SMS is a lot easier to intercept - and SMS is used by iPhone users as well when they text non-iPhone users.

      Sniffing the SMS traffic will be a MUCH easier way to get incriminating dirt on people instead of going through all this trouble to get at iMessage, and will gather a lot more dirt even if 99% of politicians and CEOs were using iPhones, which we know isn't true. It is too late anyway since iOS has now been fixed against even this attack that only nation states (or elite hackers able to compromise a root CA) would be capable of.

  7. Anonymous Coward

    If Eve wants to know what Alice is sending to Bob, then, depending on the distribution of their genders and sexual proclivities, it might be easier for Eve to simply seduce either party, or indeed both parties, and just ask them, perhaps in the dying embers of a night of passion.

    Or maybe Eve could mug Bob and steal his phone. Especially if Bob is a wimp.

    1. Anonymous Coward

      Indeed.

      Almost always easier, quicker and tidier to suborn an employee with sensitive access than go to all the expense of mounting a technical attack.

      But it's much easier to be seen to be doing something by spending lots of money on technical exploits and defences than trying to come up with a nearly-100%-foolproof technique for assuring totally reliable employees and squaring the 'Quis custodiet ipsos custodes?' circle.

      "Security? Yup, we're spending lotsa money on it"
