In a significant breach of Apple’s privacy measures, a new report says that AirDrop was cracked by the Chinese government,...

The Beijing institute developed the technique to crack an iPhone’s encrypted device log to identify the numbers and emails of senders who share AirDrop content, the city’s judicial bureau said in an online post. Police have identified multiple suspects via that method, the agency said, without disclosing if anyone was arrested. “It improves the efficiency and accuracy of case-solving and prevents the spread of inappropriate remarks as well as potential bad influences,” the bureau said.

Further read: https://sfj.beijing.gov.cn/sfj/sfdt/ywdt82/flfw93/436331732/index.html

Southern Wolf
link
fedilink
1010M

While I have little respect for Apple’s overall privacy practices, this sounds a lot like the CCP making something up to scare protesters and dissidents from using AirDrop. There’s no sensible reason they would be advertising such an exploit openly, especially when it could potentially be used to secretly spy on dissidents, protesters, or even used in foreign espionage. Something doesn’t sit right with this.

Well if Apple doesn’t fix it, like they haven’t fixed the iMessage flaws) they’ve known about for years, then it’s still useful.

And most people won’t even know of this issue, and they’d still use Airdrop anyway, saying “I’m not interesting enough to spy on”.

iMessage lacks forward secrecy, so if I get your RSA key which never changes, I can read all your old messages and any new ones too. And that’s just one issue with iMessage. And people don’t know about it, and still use it, thinking it’s secure. (it’s pretty good in my opinion, just wish Apple would fix the issues linked article).

Possibly linux
link
fedilink
3
edit-2
10M

Probably not a reliable source but you should still use Foss with strong encryption (RSA2048+ ideally)

Apple has been taking massive Ls after Ls wrt the security of their iPhones in recent times. It’s almost as if magically branding your products “private and secure” doesn’t work.

Finding an exploit created by state-level actor is not a massive L. They have shown in the past that they are able to hack air gaped systems, weaken commonly used security standards and implant vulnerabilities into commercial software. I don’t think you will find a company that is immune to this. Other than that, did they really have so many security issues recently?

@hottari@lemmy.ml
link
fedilink
2
edit-2
10M

Read the article. The exploit was found by the state actors not created by them. Apple is ultimately responsible for the mishap due to the insecure design of the aforementioned feature.

Even though China partially had a hand in the creation of this flaw according to the history of the feature.

And yes, Apple has been a constant feature on the news for such privacy leaks of late. You just haven’t been paying attention.

If state actor would create it it would be a backdoor. Exploits are by definition bugs/security issues that can be… well, exploited and state-level actors are really good at finding them. Still, if it takes resources of state actor to find an exploit I don’t think it’s a massive L. Yes, it’s totally possible they had some other serious security issues recently and I haven’t been paying attention. That’s why I’m asking.

redfellow
link
fedilink
1
edit-2
10M

Ordering your hardware from China makes it a tad bit easier to shoehorn backdoors in it.

body_by_make
link
fedilink
510M

That’s… basically all hardware these days…

redfellow
link
fedilink
110M

Indeed 😬

Aatube
link
fedilink
110M

It’s almost as if an authoritarian nation has espionage professionals.

We just call them the US

@LWD@lemm.ee
link
fedilink
3
edit-2
9M

deleted

Oh China, you rascal.

Create a post

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

  • 0 users online
  • 57 users / day
  • 383 users / week
  • 1.5K users / month
  • 5.7K users / 6 months
  • 1 subscriber
  • 2.97K Posts
  • 74.6K Comments
  • Modlog