Comment by pushcx

2 years ago

It’s quite unfortunate that Apple doesn’t allow users to uninstall iMessage, it seems to be the infection vector for advanced threats like this, NSO group, etc. Presumably it’s to avoid the support burden, but they could gate it behind having Lockdown Mode enabled for a week or something to shake out the vast majority of mistaken activations.

What does "uninstall iMessage" mean? You can disable iMessage right in the settings so you only receive SMSs.

  • Which is what lockdown mode already does

    • Actually lockdown is better. It leaves E2E encryption alone, but restricts attachment types, which should be enough to block the initial exploit in the chain.

      Disabling iMessage would fall back to SMS, allowing messages to be snooped / modified in transit.

      Hopefully they’ll also have a way to disable RCS, since it allows attackers to modify messages, and also has a larger implementation attack surface than SMS.

    • No, Lockdown Mode doesn't disable iMessage.

      "Most message attachments are blocked and some features are unavailable."

      iMessage with blue bubbles still works in Lockdown Mode. I think GIFs don't display properly and certain other attachments, but I can share photos, audio clips and video so I otherwise don't really notice that Lockdown Mode is enabled.

I remember people were very passionately arguing iMessage can only be secure if the only client is the Apple sanctioned one

> the unknown attackers kept their campaign alive simply by sending devices a new malicious iMessage text shortly after devices were restarted.

  • There are different aspects of security here. iMessage is tied to a physical device, so if you want to spam people, you have to purchase and burn through iPhones.

    Rate limiting phishing attacks is certainly a useful security feature, but it does nothing to protect against targeted attacks.

Can someone explain to me why we can load vast quantities of untrusted code and a wide variety of image formats in our browsers all day long and be mostly safe today, but somehow even first-party messenger apps seem to be relatively easily compromised? Why can't messenger apps be sandboxed as well as browsers?

  • Sending these through messaging apps is appealing because that usually requires zero user action - you just send a message and the device runs the exploit as it generates preview thumbnails.

    But browser exploits require the user to visit an infected website, which is much tougher. If I receive an email or SMS with "visit applesupport.info" I'm not going to click it.

  • Note that the second half of this exploit chain involves going around and exploiting the web browser.

  • It's all relative. Chrome has plenty of sandbox escapes. Microsoft found one lately where Chrome was passing strings from JS straight into the Windows TTS engine, which turned out to be parsing XML from it with a C++ parser that was full of memory errors.

Do you believe your other messaging apps lack vulnerabilities? What is most popular will always be most picked on.

In the face of this kind of threat, it's pretty obvious why Apple treated Beeper as a security risk and took appropriate measures to secure iMessage.

  • Beeper is the user's choice. And Apple is preventing other companies from providing a more secure iMessage alternative, e.g. one that doesn't even parse messages from people not in the contact list, or doesn't even parse anything without a click, etc.

    Apple has had so many zero-click exploits in iMessage, yet they insist that you have to use Lockdown mode to do anything about it, and then proceed to bundle Lockdown mode with lots of potentially unwanted behavior.

    I don't think there's any way to claim that Apple is just doing what's in the customer's best security interest.

    • > Beeper is the user's choice.

      Me deciding to ride the subway to work for free is a user's choice, but that doesn't mean it's right. Using infrastructure for free because I feel like it is certainly my choice but I can't justify anger when someone makes me pay to use it since I should have paid in the first place. Currently Apple doesn't run iMessage as an open standard so it runs in "authorized riders only" mode.

      > I don't think there's any way to claim that Apple is just doing what's in the customer's best security interest.

      This isn't what I claimed. I claimed Apple treated unauthorized 3rd party access to their infrastructure as a security risk and worked to shore up that risk. As you pointed out, there have been plenty of zero-click exploits in iMessage. Limiting the devices sending iMessages increases security. I believe Apple doesn't allow iOS VMs in general for the same reason.

  • I don’t think that’s clear at all. I imagine it’s still trivial for attackers to send specially crafted one-off payloads.

    • The attack vector is still smaller if Apple restricts iMessage to official devices only compared to any rooted Android phone being able to spam iMessage payloads.

They gotta, gotta, have those blue bubbles. Some teenagers fight to get an overpriced phone solely to avoid the deep deep shame of having a green bubble when chatting.

If Apple is forced to shut down iMessage being the exclusive option and have some pure SMS application, they might see a sudden noticeable drop in market share.

  • Teenagers wanting blue bubbles and people looking to uninstall iMessage because it's a threat vector are two completely disjoint sets of people.

    • Absolutely - but the business interest of wanting to keep teenagers on iPhones absolutely would impede Apple from allowing users to uninstall the application.

    • Blue bubbles bad syndrome. Gotta bring it up whenever humanly possible.

      Nvidia has a very similar green man bad syndrome going on too. As the length of an HN discussion on Nvidia increases, the probability of mentioning that Linus said “fuck you nvidia” approaches 1, even though it’s irrelevant to the topic, or that he's a mercurial asshole who's said a whole lot of things.

      The casual fanboyism disrupts all discourse on these topics because there’s a large minority of users who have adopted what PG describes as “hater-ism” and allowed it to dominate their thinking on a topic. Negative parasocial attachment is the same process as positive parasocial attachment and just as problematic, but largely never called out.

      http://www.paulgraham.com/fh.html

      In short: lotta fanboys on these topics who don't even realize they're fanboys/adopting fanboy frames, because they don't realize that anti-fanboys are still parasocially attached too. And we've casually accepted the low level of discourse on these topics, and it pollutes the whole discussion of a lot of interesting topics because of who's doing them.

  • They knew exactly what they were doing when they chose that nice blue and that cheap looking green.

    • No they didn't, because the green was first in 2007, when iPhone only supported SMS. It was 4 years later that iMessage launched. The conversation probably went like:

      "Okay well, now that we're launching an alternative to SMS, how will we distinguish iMessage messages from regular SMS messages?"

      "Hm, well, SMS messages are green, so what if we picked another color?"

      "Yeah okay, blue? ¯\_(ツ)_/¯"

      "Sounds good, mock it up and send it to the engineers"

      edit: The reason for picking green originally was probably because all the "communication"-related apps had a green color scheme, including Messages. This persists today — the app icons for Phone, Messages, and FaceTime are all green.