Apple is Fixing the iMessage Flaw That Allows Hackers to Steal Images

Apple’s smartphones are notoriously difficult to hack, but this does not mean that they are completely immune to exploits. Few things really are. Recently, a team of researchers from John Hopkins University have detected a vulnerability that allows hackers to intercept and decrypt images and videos sent using iMessage – Apple’s popular instant messaging app. Usually, the exploit should only work on OS versions older than iOS 9, but John Hopkins professor Matthew D. Green has recently stated that hackers could still make use of a modified exploit in order to take over the iOS 9 version of iMessage.

Even though the hacking team in question would need to have considerable resources at its disposal, the hacking method itself is not necessarily too complex, as it relies on a special software that emulates an Apple server. Targeted messages and videos on iMessage are protected only by 64-bit encryption, and the system was not designed to lock out invaders after several failed decryption attempts. Fortunately, Apple is currently working on a fix for this problem, and just in case you rely on iMessage a lot for your daily messaging needs, you should definitely keep an eye out for available updates. Apple has issued the following statement on the matter:

“We appreciate the team of researchers that identified this bug and brought it to our attention … security requires constant dedication and we’re grateful to have a community of developers and researchers who help us stay ahead.”

End-to-End Encrypted iMessages Can Still be Read by Apple

Apple’s approach to user security is admirable – though its dedication to end-to-end encryption could see its smartphones banned in California – but despite its iMessage service – an instant messaging app used for communications between Apple devices – seeming impenetrability, there is one loophole that could leave user messages available for Apple to access, The Hacker News reports.

Apple users that utilise iCloud Backup could find that their iMessage chats, which are usually protected from interception via end-to-end encryption, are uploaded to Apple’s servers in plain text form. So, while the act of sending a message remains perfectly safe, backing up these messages leaves them potentially open to exposure.

“If the government laid a subpoena to get iMessages, we can’t provide it,” Apple CEO Tim Cook told Charlie Rose in a 2014 interview. “It is encrypted, and we do not have a key.”

Apple does, however, possess encryption keys for user’s iCloud accounts. Should an iCloud account be subpoenaed, Apple would be forced to hand over that information.

The vulnerabilities of iCloud accounts led to such unfortunate incidents as “The Fappening”, when hackers gained access to a number of celebrity iCloud accounts that had failed to implement two-step security verification, and posted the private nude photos that were found there.

UK’s WhatsApp Ban Ruled Unlawful

UK Prime Minister David Cameron plans to ban any online messaging platform that uses end-to-end encryption, such that it would be unreadable by the country’s intelligence services, has been deemed “inconsistent with [European Union] law”. Messaging apps that use end-to-end encryption, such as the popular WhatsApp, Apple’s iMessage, and image sharing platform Snapchat, are protected under the EU’s Article Eight of the European Convention on Human Rights. Home Secretary Teresa May, creator of the Data Retention and Investigatory Powers Bill – or ‘Snooper’s Charter’ – has, however, appealed the decision.

The ‘Snooper’s Charter’ has been met with vocal opposition from both users and tech companies alike. Apple CEO Tim Cook declared that his company has “never worked with any government agency from any country to create a backdoor in any of our products or services […] and we never will.”

“In our country, do we want to allow a means of communication between people which, even in extremis, with a signed warrant from the home secretary personally, that we cannot read?” David Cameron said back in January. “Are we going to allow a means of communication where it simply isn’t possible to do that? And my answer to that question is no we must not. The first duty of any government is to keep our people and our country safe,” he added, using the age-old trick of citing terrorism prevention to infringe on civil liberties, despite the fact it doesn’t work.

Even MP for Uxbridge and South Ruislip and Nazi poster boy Boris Johnson is towing the Tory Party line of not giving a damn about human rights, saying, “I’m not interested in this civil liberties stuff. If they’re a threat, I want their emails and calls listened to.”

For all its faults, the European Union is the only body standing up for privacy and human rights in the face of Owellian levels of mass surveillance. Long may that continue.

Thank you The Express for providing us with this information.

David Cameron Plans to Ban WhatsApp

Since Edward Snowden spilled the beans on how government agencies spy on us, a lot of companies took precautions in preserving users’ privacy when using their apps. But it seems that will be made illegal and such apps look to be banned in the future, at least in the UK, according to Prime Minister David Cameron.

The PM plans to pass a new legislation by the name of “Snoopers’ Charter”, which will have popular cross-platform messaging and social media apps banned. The first one on the list seems to be WhatsApp, but the legislation looks to prevent people from sending any form of encrypted messages and has iMessage, as well as SnapChat in its sight too.

“In our country, do we want to allow a means of communication between people which we cannot read?” said Prime Minister Cameron .”My answer to that question is: ‘No, we must not’.”

It is said that if the legislation passes, all three aforementioned services will be banned in the UK. Furthermore, all Google searches, Facebook conversations, WhatsApp group messages and even SnapChat videos will be available to the UK police and Government officials when they want to ‘browse’ through them. But is this really for the best? Do we need to compromise our privacy for security? Or are we giving away our security along with our privacy? Let us know what you think.

Thank you Express for providing us with this information

iMessage Bug Used to Crash iPhones at Will

People have discovered a new old flaw in iMessage that allows you to crash basically any iPhone at will. I say new old because the flaw already was known back in iOS 6 and IS X 10.8.

People are currently using this flaw to abuse and annoy their friends by creating panic over crashing systems and it is effectively an SMS bomb. Send the right characters to an iPhone and it crashes and turns off.

An SMS bomb is exactly what it sounds like. A lot of messages sent quickly in a row, as many as you specify, to whomever you want. The text sent is simple and only about 10 bytes long. You can even specify a delay between the messages. Apps that use this are available and are being used. Bomb someone with 100+ messages and their phone locks up.

This one is a little different as it actually uses a bug in Apples CoreText that’s also known as Unicode of Death. If you should have been affected and can’t get back into your iMessages then just send that person any random image from your gallery app and you should be back in action.

Depending on how important the feature is to you, you might want to disable iMessage under Settings > Messages > iMessage on your iPhone until Apple releases a patch to fix the issue.

Remember that this could be fun for a joke, but don’t abuse this as it has potential to create trouble.

Thank you Reddit for providing us with this information

Apple Finally Letting Users De-Register iMessage Account

Apple has just announced their new website, enabling users to de-register their iMessage service – helping users unbind their telephone numbers from the Apple-only offering.

This website has been developed to solve the issue of when a user stops using their iPhone and switches to another device, their registered iMessage number may conflict with the new messages they wish to send to their friends through their updated device. The “Deresgister iMessage” website provides a step by step guide on how to log off the iMessage service and allows them to enter their new information on the website – sending them a confirmation message to lift the iMessage binding.

Previously there were reports of users deactivating their iPhone only to have their iMessage account stay bound to their phone number against their will – these reports range all the way back to 2011 when Apple first released the iMessage platform. Since the beginning of 2014, Apple had promised they would provide a simplistic way to opt-out of this service, taking them a rather long 11 months to process to completion.

When comparing this to Google Hangouts or Blackberry’s BBM offerings, it’s quite different. iMessage is only applicable to Apple devices (including ‘Face Time’), where as hangouts and BBM operate through third-party app software to be used in different technologies.

Although quite late to the game, it’s good to see that Apple has fixed one of their niggling issues.

Image courtesy of Chiphell

Apple Releases a Tool to Remotely Deregister iPhones from iMessage

 

 

Got rid of your iPhone and you’ve found you’re not receiving text messages from friends? No problem, as Apple quietly released a tool yesterday that makes solving the problem a lot easier.

Ever since Apple introduced iMessage in iOS 5, people have complained about text messages from other iPhone users not being delivered to their new non-Apple phones at all. The problem stemmed from the fact that those who didn’t remove iMessage from their old devices after getting rid of them, still had text messages from other iOS devices being routed to that phone. So even if their number was now registered to an Android phone, Apple’s servers still associated that number with an iMessage account, meaning texts would be sent to the iMessage server instead of the Android phone.

Early on in the history of iMessage, this problem didn’t only cause frustration, it also caused some rather big privacy concerns, after it was found that some users had their text messages routed to a new owner, or even worse, a thief.

The only way to fix this prior to now, was to go through the hassle of completely deregistering the iPhone from your Apple ID. This new system provides a handy webpage in which users only have to enter the phone number associated with iMessage to solve the problem. You’ll be sent a confirmation code to that phone number, with which you then enter on the site, making your worries about disappearing text messages a thing of the past.

Source: The Verge

Android 4.4 To Let You Set A 3rd Party Messaging App As Default

The Android 4.4 KitKat update is getting near and we are all excited to see what comes out of the brain trust over at Google. One feature that they have confirmed is the ability for users to choose a third-party app as their default SMS or MMS app. This has of course never been available before.  Google notes that many third-party SMS and MMS apps have already been made using workarounds to gain access to users’ text messages, a method that it doesn’t quite condone. The specific changes which have been made are to SMS_DELIVER_ACTION and WAP_PUSH_DELIVER_ACTION, SMS and MMS respectively, which will only work with one app at a time starting with Android 4.4.

The details come amid rumours that Google will also begin bundling SMS and MMS messaging right into its Hangouts app, creating a competitor to Apple’s iMessage. It also reports that Google will do away with Android’s traditional Messaging app, leaving Hangouts as the only built-in text messaging option for Nexus devices. This is something we have wanted for some time, as Google have struggled somewhat to encompass all their messaging platforms into a single solution.

Thank you NextPowerUp and BandwithBlog for providing us with this information.