The Beijing institute developed the technique to crack an iPhone’s encrypted device log to identify the numbers and emails of senders who share AirDrop content, the city’s judicial bureau said in an online post. Police have identified multiple suspects via that method, the agency said, without disclosing if anyone was arrested. “It improves the efficiency and accuracy of case-solving and prevents the spread of inappropriate remarks as well as potential bad influences,” the bureau said.

Further read: https://sfj.beijing.gov.cn/sfj/sfdt/ywdt82/flfw93/436331732/index.html

  • WhatsThePoint@lemmy.world
    link
    fedilink
    English
    arrow-up
    121
    arrow-down
    8
    ·
    edit-2
    10 months ago

    Or China is just saying they cracked Air Drop to try to scare protestors from using this feature. If they cracked it, why would they make it public that they cracked it when they could catch dissidents using it without their knowledge? Not to mention making it public puts pressure on Apple to patch it, which would destroy their access. Doesn’t make much sense to make this public if it is true.

    • Dr. Dabbles@lemmy.world
      link
      fedilink
      English
      arrow-up
      98
      ·
      10 months ago

      Whenever a government or government agency announces a successful exploit, I presume they’ve already exhausted it and moved on to another one that won’t be patched or publicly divulged for many years.

      • Possibly linux
        link
        fedilink
        English
        arrow-up
        9
        arrow-down
        4
        ·
        10 months ago

        I don’t buy it. This smells like a way of causing fear in those who want to share information.

        • BearOfaTime@lemm.ee
          link
          fedilink
          arrow-up
          5
          arrow-down
          1
          ·
          edit-2
          10 months ago

          iMessage is insecure security isn’t as robust as most people think, and this has been known for years.

          People still use it

          • Possibly linux
            link
            fedilink
            English
            arrow-up
            1
            ·
            10 months ago

            Most definably. My point is that the Chinese government isn’t a good source of information.

    • beta_tester@lemmy.ml
      link
      fedilink
      arrow-up
      23
      arrow-down
      1
      ·
      edit-2
      10 months ago

      It would be easy for apple to debunk this if it wasn’t true. I’d stay away from it and use proven secure means.

      • Ferk@kbin.social
        link
        fedilink
        arrow-up
        6
        arrow-down
        1
        ·
        edit-2
        10 months ago

        How can Apple debunk it?

        If I told you I know of a way by which I can “hack” the lock of your house to enter it, how can you prove whether I’m lying or not? Specially if I’m not willing to show you how I do it, and I haven’t given you any proof of having actually done it that you can try to dispute.

        • beta_tester@lemmy.ml
          link
          fedilink
          arrow-up
          5
          ·
          10 months ago

          sending email and phone number with each airdrop doesn’t sound right. Apple isn’t a good company but they aren’t dumb. Why would you send that info?

          • Ferk@kbin.social
            link
            fedilink
            arrow-up
            5
            ·
            edit-2
            10 months ago

            They aren’t saying that the email/number is part of the message. What the are saying is that they are able to decrypt the logs in order to identify the senders .

            It could be they cross-reference matching some internal ids / tokens / physical addresses of the devices together with all the data the Chinese government already has (or can obtain) …or it could be a bluff… who knows… there’s not enough information, and what we know is probably distorted.

  • hottari@lemmy.ml
    link
    fedilink
    arrow-up
    49
    arrow-down
    12
    ·
    10 months ago

    Apple has been taking massive Ls after Ls wrt the security of their iPhones in recent times. It’s almost as if magically branding your products “private and secure” doesn’t work.

  • Optional@lemmy.world
    link
    fedilink
    arrow-up
    23
    arrow-down
    3
    ·
    10 months ago

    Usually when one of Apple’s security measures is breached, the company would issue an update to patch it. We’d hope this will happen here, but the Chinese government is likely to apply pressure on the iPhone maker to leave the exploit unpatched – at least, on Chinese devices.

    WELL, Apple? ? . . . We’re waiting

    • rdri@lemmy.world
      link
      fedilink
      arrow-up
      8
      arrow-down
      1
      ·
      10 months ago

      Too busy protecting iOS users from iMessages of unauthorized color.

  • Southern Wolf@pawb.social
    link
    fedilink
    arrow-up
    21
    arrow-down
    6
    ·
    10 months ago

    While I have little respect for Apple’s overall privacy practices, this sounds a lot like the CCP making something up to scare protesters and dissidents from using AirDrop. There’s no sensible reason they would be advertising such an exploit openly, especially when it could potentially be used to secretly spy on dissidents, protesters, or even used in foreign espionage. Something doesn’t sit right with this.

    • BearOfaTime@lemm.ee
      link
      fedilink
      arrow-up
      9
      ·
      10 months ago

      Well if Apple doesn’t fix it, like they haven’t fixed the iMessage flaws) they’ve known about for years, then it’s still useful.

      And most people won’t even know of this issue, and they’d still use Airdrop anyway, saying “I’m not interesting enough to spy on”.

      iMessage lacks forward secrecy, so if I get your RSA key which never changes, I can read all your old messages and any new ones too. And that’s just one issue with iMessage. And people don’t know about it, and still use it, thinking it’s secure. (it’s pretty good in my opinion, just wish Apple would fix the issues linked article).

  • Possibly linux
    link
    fedilink
    English
    arrow-up
    19
    arrow-down
    4
    ·
    edit-2
    10 months ago

    Probably not a reliable source but you should still use Foss with strong encryption (RSA2048+ ideally)

  • Bappity@lemmy.world
    link
    fedilink
    English
    arrow-up
    5
    arrow-down
    2
    ·
    edit-2
    10 months ago

    only reason that I can see why they’re saying they’ve done this has to be some kind of scare tactic

    would be a bit stupid to reveal this hand otherwise