Security and privacy are especially laughable since iMessage encryption lacks forward secrecy (all your messages throughout time are encrypted with the same keys), and just today we find the encryption hardware on Macs is fatally flawed and can be hacked by a user-mode process (no admin/root privelege required). Oh, and it’s un-patchable because it’s in the hardware itself.
Eeeeehhhhhh… you can’t really fault a company for a previously unknown hardware defect going against their stated principles. That’s like faulting the devs of OpenSSH for their principle of security because CVE-2023-38408 existed for years.
Hate on Apple for legitimate things, of which there are many.
Security and privacy are especially laughable since iMessage encryption lacks forward secrecy (all your messages throughout time are encrypted with the same keys), and just today we find the encryption hardware on Macs is fatally flawed and can be hacked by a user-mode process (no admin/root privelege required). Oh, and it’s un-patchable because it’s in the hardware itself.
The new encryption standard apple is using for iMessage achieves forward secrecy.
https://security.apple.com/blog/imessage-pq3/
“The first ratchet, called the symmetric ratchet, protects older messages in a conversation to achieve forward secrecy.”
@technology Wow! I always though Apple was awful for privacy (close source and what not), but I though they at least had pretty good security.
Eeeeehhhhhh… you can’t really fault a company for a previously unknown hardware defect going against their stated principles. That’s like faulting the devs of OpenSSH for their principle of security because CVE-2023-38408 existed for years.
Hate on Apple for legitimate things, of which there are many.