Bad News Confirmed For 1.3 Billion Apple iMessage Users

0

Yes, Apple’s iPhone is materially more secure than Android and yes, Apple still leads the way when it comes to your privacy. But there is a huge exception to the Cupertino giant’s security- and privacy-first approach, one that impacts a billion-plus iPhone and iPad users. And we had stark confirmation this week that Apple is stubbornly refusing to step up to the plate and fix it.

We’re talking iMessage—Apple’s ubiquitous messaging platform. We all know that texting between iPhones and Androids is a pretty awful throwback to the early days of SMS. “It’s not about the color of the bubbles,” Google says. “It’s the blurry videos, broken group chats, missing read receipts and typing indicators, no texting over Wi-Fi, and more.”

But as fun as all these features would be, there’s a much more serious issue lurking in the background. iMessage has been central to Apple’s wider security challenges over the last year. Sophisticated (read national security level) cyber attacks have been found exploiting its architecture, and Apple has hardened the platform as a result. But there’s a much bigger problem that still hasn’t been fixed.

As much as we read about nation state level attacks, these impact just handfuls of users. You might be better protected from Chinese cyber-spies, but if you reuse passwords, click on dangerous links and casually open email attachments, then you, your data, your bank balance are far more at risk.

And so it is with iMessage. While Apple has sandboxed messages, plugging high-risk gaps, its end-to-end security only protects you while you stay enclosed within its ecosystem. As soon as those blue bubbles turn green, as soon as you text someone with an Android device in their hand, all bets are off.

Until fairly recently, there was no solution to this. Google had no real alternative to iMessage. The carriers were slowly deploying SMS v2, known as RCS or Rich Communication Services, but that still relied on the archaic SMS architecture that bounced from carrier to carrier, exposing data to all along the way. Google stepped in to fix this. First by taking over responsibility for driving RCS adoption across its user base. And then, critically, by introducing end-to-end encryption.

MORE FROM FORBESThis Is The Best Way To Cheat At Wordle

Google is now on a mission to embarrass/shame Apple into adopting RCS within iMessage. “Apple should fix what’s broken,” it says. “The bad experience you get when texting Android users is created by Apple. But they can fix it by switching from SMS/MMS to RCS.”

But the Apple is clearly not for turning. “I don’t hear our users asking that we put a lot of energy in on that at this point,” Tim Cook told an event this week in response to a question on iMessage and RCS, suggesting instead that “I would love to convert you to an iPhone.” And when the questioner complained this impacts texting with his mother, he was told to “buy your mom an iPhone.”

The major driver towards RCS interoperability between Android and iOS is functionality rather than security. Exchanging rich messaging, sharing videos, emoji responses. “Apple turns texts between iPhones and Android phones into SMS and MMS,” Google says, “out-of-date technologies from the 90s and 00s.” The group experience when it crosses operating systems is also dire. “iPhones use outdated tech for group conversations with Android, so you can’t leave the chat—even when you want to.”

But the security issues are very real. SMS messages travel in relatively open-form and are wide open to interception and abuse. Users are well-advised to steer clear of using SMS for anything other than the most benign of messages.

“Once the go to of messaging,” says ESET’s Jake Moore, “SMS texting is slowing down at a tremendous rate and left to send postal updates and some one time passcodes. Encryption and secure messaging is finally making some headway whilst making a stamp on how we will message contacts going forward.”

SMS technology “was never intended to be used to transmit high risk content,” warns the U.K.’s National Cyber Security Centre. “There are a number of inherent weaknesses [which] mean that, where the value of the message content is of interest to bad actors, they are increasingly attempting to exploit SMS.” And while “mobile telecoms companies are aware of the problems with SMS and are actively working to close vulnerabilities… these are complex issues and it may be impossible to fully compensate for the inherent weaknesses of the system.”

Last year, it was reported that Apple’s stubbornness on RCS was profit-driven. Keeping families inside the iMessage bubble meant parents co-opting kids into its ecosystem. And while that profit motivation works both ways, it’s not only Google that has attacked Apple’s stance on messaging.

“iMessage is a key linchpin of their ecosystem,” Meta’s Mark Zuckerberg said of Apple last year. “It comes pre-installed on every iPhone… which is why iMessage is the most used messaging service in the US… Apple has every incentive to use their dominant platform position to interfere with how our apps and other apps work, which they regularly do to preference their own… Apple may say that they’re doing this to help people, but the moves clearly track their competitive interests.”

Apple adopting RCS within iMessage would make for a more feature-reach cross-OS experience. It would not enable end-to-end encryption between iPhones and Androids, though, without much deeper integration, as envisaged by new regulation under debate in Europe. But it would mean more advanced levels of security and encryption of your data than SMS, even if not end-to-end. And it would turn messaging from multi-hop to point-to-point. And that would resolve 99% of the SMS problem.

“SMS text messages were already the weakest link securing just about anything online,” Brian Krebs warned last year. “Now we’re learning about an entire ecosystem of companies that anyone could use to silently intercept text messages intended for other mobile users.”

Google’s “Help @Apple #GetTheMessage” campaign pushes users towards Signal and WhatsApp, and this would certainly be my advice. Don’t use iMessage for anything other than the basics. Signal is the best secure messaging platform available, but its user base is modest. WhatsApp is the largest messenger in the world. Most of your contacts will have it installed. It’s the obvious choice.

“RCS provides the security and rich content with ease,” Moore says, “but naturally Apple want the world to go solo on their device preference and help guide new users to follow their peers. When other services such as WhatsApp and Signal already exist cross platform, it is no wonder that Cook suggests that iPhone users don’t yet want another system.”

MORE FROM FORBESWarning For Russian Soldiers With Stolen Ukrainian iPhones: You Are Being Tracked

As I’ve written many times, unless and until users start voting with their feet (or fingers) and using apps and platforms that safeguard their security and privacy, then big tech won’t change. And Apple cannot hypocritcally laud the user benefits of encryption for iMessage while at the same time refusing to add even basic levels of security for iMessage users communicating outside its bubble.

And so, until it fixes this, you should all be using a cross-platform alternative instead.

Stay connected with us on social media platform for instant update click here to join our  Twitter, & Facebook

We are now on Telegram. Click here to join our channel (@TechiUpdate) and stay updated with the latest Technology headlines.

For all the latest Technology News Click Here 

Read original article here

Denial of responsibility! Rapidtelecast.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.
Leave a comment