
Naraxus

macrumors 68020
Oct 13, 2016
2,105
8,545
And as with all things regarding his Beijing paymasters, Comrade Tim will remain obediently silent while vociferously soapboxing to the rest of the world how his company cares deeply about human rights
 

MacProFCP

Contributor
Jun 14, 2007
1,222
2,957
Michigan
The US government cracking phones and spying on your cellphone meta data is ok with you.

Comparing the US to China is bizarre. Two countries with very different ideals regarding freedom.

There is a stark difference between prisons full of political prisoners and targeting private communications for criticizing the government and actual criminal investigation subject to a FISA warrant.

Let's not confuse evil with bureaucratic.

Furthermore, when the FBI was unable to get into a terrorist iPhone, they sued Apple. Note, they didn't arrest Apple executives and have their children go missing. China is an evil regime that doesn't value human life or any sort of freedom. The only thing China values is the dollar and their own power.
 

1129846

Cancelled
Mar 25, 2021
528
988
Again the software vendors' propensity to keep log files is a huge hole in their so-called security. Apple needs to provide an option for users to disable log files.
That is a bad idea to ban logging like that as that is a major tool for software development you are removing.
The underlying issue is a bug in Apple's masking software for privacy and it was able to be cracked. That is the large security flaw here. Apple's software has a massive security hole in it.
 

NT1440

macrumors G5
May 18, 2008
14,723
21,358
Comparing the US to China is bizarre. Two countries with very different ideals regarding freedom.

There is a stark difference between prisons full of political prisoners and targeting private communications for criticizing the governments and actual criminal investigation subject to a FISA warrant.

Let's not confuse evil with bureaucratic.

Furthermore, when the FBI was unable to get into a terrorist iPhone, they sued Apple. Note, they didn't arrest Apple executives and have their children go missing. China is an evil regime that doesn't value human life or any sort of freedom. The only thing China values is the dollar and their own power.
Homan Square in Chicago would like a word…
 
  • Disagree
Reactions: MacProFCP

Unregistered 4U

macrumors G4
Jul 22, 2002
10,189
8,157
devised a way to bypass the protocol's encryption and reveal identifying information.

According to the BMBJ's website, iPhone device logs were analyzed to create a "rainbow table"
Woah woah woah… iPhone device logs can be analyzed remotely?

No?

So… one would have to have access to the phone?

Hm.

For a moment, I forgot that anyone talking about bypassing a phone’s security for anything usually means “getting their hands on the device”, first. Pretty much anything after obtaining physical access is possible with enough effort, so by “bypassed security” they mean “We have ways of getting people’s phones”.

Oh, and as we’re talking about China, even if they have NOT bypassed the security, just putting the information out there will still provide the chilling effect they intend to produce.
 
  • Like
Reactions: amartinez1660

Unregistered 4U

macrumors G4
Jul 22, 2002
10,189
8,157
It boggles the mind why we are still so reliant on an evil regime for manufacturing and sales.
It doesn’t really boggle the mind, though. :) If anyone wants to produce hundreds of millions of things, a LOT of different supply chains have to come together to make that happen. China has been focused on being a locus point for those supply chains for decades. Supply chains and manufacturing capacity of that scale would take a similarly long time to come to fruition in any other country, and China’s got a several decades lead.

Fortunately, other countries ARE getting into the manufacturing game. But in many cases, it’s by way of Chinese-run companies simply expanding into those countries. For a long time to come, the world will continue to be reliant on China, even if the devices are being built in non-Chinese countries.
 
  • Like
Reactions: amartinez1660

1129846

Cancelled
Mar 25, 2021
528
988
So let me guess, Airdrop 2++ reloaded will be exclusive to iPhone 18 series and newer, existing users must upgrade if they want the latest and greatest.

Hopefully Apple can patch it for all existing customers because this is a bit disconcerting.
I hope not. Most of the issues could be solved software-wise by basically increasing the rotation rate of the salting and the hash to tie it to a user. Plus do not link things together. It makes it harder to reverse big time if the links get broken more often. It cannot be reversed. Plus fix the issue of the mask in Apple logging software.
 
  • Like
Reactions: falkon-engine

Unregistered 4U

macrumors G4
Jul 22, 2002
10,189
8,157
I hope not. Most of the issues could be solved software-wise by basically increasing the rotation rate of the salting and the hash to tie it to a user. Plus do not link things together. It makes it harder to reverse big time if the links get broken more often. It cannot be reversed. Plus fix the issue of the mask in Apple logging software.
I doubt it gets fixed or fixed anytime soon. There are likely far more serious remote and zero-tap remote exploits that we don’t know about that are far more critical for Apple to focus on first. I’d bet that any exploit that requires physical access and/or authentication gets pushed to the bottom of the pile.

Again, and that’s ONLY if this is an actual physical access exploit and not just something China is communicating to make their citizens fear using the service.
 

FindingAvalon

macrumors regular
Apr 30, 2021
222
228
And as with all things regarding his Beijing paymasters, Comrade Tim will remain obediently silent while vociferously soapboxing to the rest of the world how his company cares deeply about human rights
Yeah he’s a total fraud. A real slime bag!
 

1129846

Cancelled
Mar 25, 2021
528
988
I doubt it gets fixed or fixed anytime soon. There are likely far more serious remote and zero-tap remote exploits that we don’t know about that are far more critical for Apple to focus on first. I’d bet that any exploit that requires physical access and/or authentication gets pushed to the bottom of the pile.

Again, and that’s ONLY if this is an actual physical access exploit and not just something China is communicating to make their citizens fear using the service.

I totally believe that part on access to the device. Just to me this could be a privacy thing in the logging frameworks as well and Apple AirDrop making it possible for this to leak out.
The idea of removing logging as a solution is such a bad idea and in the end there are many, many things that just get hammered when that happens.
App metrics get dropped as that requires logging to do it. Apple has a lot of logging in their own stuff so that is even hit.

I am dreading people screaming to ban the use of things like Firebase and other crash related software people put in. Apple's crash stuff is not that great honestly and such a small % of users even allow it, making it hard to chase down some reported bugs.
 

Hank001

macrumors regular
Mar 26, 2023
181
217
Just imagine someone drops child porn on you and you are unaware it is on your device!

That actually happened to someone who:

-received 'inappropriate consent' through a WhatsApp group msg,
-had auto backup to OneDrive turned on in WhatsApp settings,
-got suspended by Microsoft for said content in OneDrive,
-never got his files back from OneDrive, including Outlook, Office stuff (basically MS365),
-is unable to get a new sw license to use MS365.

One might say this can happen to anyone (a simple backup setting turned on).
One might say everyone should be careful and thoughtful about their app settings.
 
  • Wow
Reactions: amartinez1660

nemodomi

macrumors regular
Jul 6, 2008
111
128
"Apple was informed of the flaw in May of 2019, but did not fix it."

THIS. RIGHT. HERE.

SMDH.
 

nemodomi

macrumors regular
Jul 6, 2008
111
128
One might say everyone should be careful and thoughtful about their app settings.

One might go one tiny step further, to say everyone should rethink EVERYTHING.

Unless you're cool with 100% of your stuff being 100% open to 100% of the public.

But of course "if you don't have anything to hide, why would you care?!".

👍
 
  • Like
Reactions: Hank001

SmugMaverick

macrumors 6502a
Aug 31, 2017
703
1,865
UK
"Apple was informed of the flaw in May of 2019, but did not fix it."

THIS. RIGHT. HERE.

SMDH.
Yep and notice how quiet this thread is? Where’s the sheep? Where’s the fanboys?

”privacy”

At least Google admit what they are. Stop pretending Apple.
 

Unregistered 4U

macrumors G4
Jul 22, 2002
10,189
8,157
Yep and notice how quiet this thread is? Where’s the sheep? Where’s the fanboys?

”privacy”

At least Google admit what they are. Stop pretending Apple.
Baa. :)

Apple’s 10 minute limitation on “Everybody” mitigates this to a large degree. And, from the description of the proposed fix for the exploit, an attacker would already have to have knowledge of at least one end of the communication (from prior non-Apple surveillance) in order to ensure that the attacker shows up on the target’s contact list. So, while the story makes it sound like “they can just sit somewhere and get information” they are more than likely obtaining information about the target via other means and THEN tracking that person and targeting them in particular. It’s unlikely that this is being used en masse against a broad number of folks that they don’t already have info on.

One must always remember that “Security Researchers’” idea of security is a device that’s turned off, in a lead box, in a Faraday cage, in a safe deposit box where no one has the key or combination. It’s not their job to understand how to deliver working products to market that customers like to use. Their job isn’t “where’s the balance”. Their job is, “Did you know that your house is insecure because your address is public? The solution is to obscure your address everywhere. You won’t be able to get mail/packages and certain services will be more difficult to enable, but you’ll be more secure!”
 

SmugMaverick

macrumors 6502a
Aug 31, 2017
703
1,865
UK
China cracked this in 2019, long before the 10 min limit came into play.

They sat on this until the media found out, disgusting from Apple.
 
  • Disagree
Reactions: I7guy