submitted 10 months ago by KarnaSubarna@lemmy.ml to c/privacy@lemmy.ml

The Beijing institute developed the technique to crack an iPhone’s encrypted device log to identify the numbers and emails of senders who share AirDrop content, the city’s judicial bureau said in an online post. Police have identified multiple suspects via that method, the agency said, without disclosing if anyone was arrested. “It improves the efficiency and accuracy of case-solving and prevents the spread of inappropriate remarks as well as potential bad influences,” the bureau said.

Further reading: https://sfj.beijing.gov.cn/sfj/sfdt/ywdt82/flfw93/436331732/index.html

[-] WhatsThePoint@lemmy.world 113 points 10 months ago* (last edited 10 months ago)

Or China is just saying they cracked AirDrop to try to scare protestors from using this feature. If they cracked it, why would they make it public that they cracked it when they could catch dissidents using it without their knowledge? Not to mention making it public puts pressure on Apple to patch it, which would destroy their access. Doesn’t make much sense to make this public if it is true.

[-] drdabbles@lemmy.world 98 points 10 months ago

Whenever a government or government agency announces a successful exploit, I presume they've already exhausted it and moved on to another one that won't be patched or publicly divulged for many years.

[-] possiblylinux127@lemmy.zip 5 points 10 months ago

I don't buy it. This smells like a way of causing fear in those who want to share information.

[-] hangukdise@lemmy.ml 7 points 10 months ago

Why not both?

[-] BearOfaTime@lemm.ee 4 points 10 months ago* (last edited 10 months ago)

iMessage ~~is insecure~~ security isn't as robust as most people think, and this has been known for years.

People still use it

[-] hottari@lemmy.ml 38 points 10 months ago

Apple has been taking massive Ls after Ls wrt the security of their iPhones in recent times. It's almost as if magically branding your products "private and secure" doesn't work.

[-] ExLisper@linux.community 17 points 10 months ago

Finding an exploit created by a state-level actor is not a massive L. They have shown in the past that they are able to hack air-gapped systems, weaken commonly used security standards and implant vulnerabilities into commercial software. I don't think you will find a company that is immune to this. Other than that, did they really have so many security issues recently?

[-] hottari@lemmy.ml 5 points 10 months ago* (last edited 10 months ago)

Read the article. The exploit was found by the state actors not created by them. Apple is ultimately responsible for the mishap due to the insecure design of the aforementioned feature.

Even though China partially had a hand in the creation of this flaw according to the history of the feature.

And yes, Apple has been a constant feature on the news for such privacy leaks of late. You just haven't been paying attention.

[-] ExLisper@linux.community 6 points 10 months ago

If a state actor created it, it would be a backdoor. Exploits are by definition bugs/security issues that can be... well, exploited, and state-level actors are really good at finding them. Still, if it takes the resources of a state actor to find an exploit, I don't think it's a massive L. Yes, it's totally possible they had some other serious security issues recently and I haven't been paying attention. That's why I'm asking.

[-] red@sopuli.xyz 3 points 10 months ago* (last edited 10 months ago)

Ordering your hardware from China makes it a tad bit easier to shoehorn backdoors in it.

[-] Cqrd@lemmy.dbzer0.com 7 points 10 months ago

That's... basically all hardware these days...

[-] red@sopuli.xyz 1 points 10 months ago

Indeed 😬

[-] Aatube@kbin.social 4 points 10 months ago

It’s almost as if an authoritarian nation has espionage professionals.

[-] MonsiuerPatEBrown@reddthat.com 6 points 10 months ago
[-] LWD@lemm.ee 5 points 10 months ago* (last edited 9 months ago)
[-] homesweethomeMrL@lemmy.world 21 points 10 months ago

Usually when one of Apple’s security measures is breached, the company would issue an update to patch it. We’d hope this will happen here, but the Chinese government is likely to apply pressure on the iPhone maker to leave the exploit unpatched – at least, on Chinese devices.

WELL, Apple? ? . . . We're waiting

[-] rdri@lemmy.world 7 points 10 months ago

Too busy protecting iOS users from iMessages of unauthorized color.

[-] possiblylinux127@lemmy.zip 15 points 10 months ago* (last edited 10 months ago)

Probably not a reliable source, but you should still use FOSS with strong encryption (RSA2048+ ideally)

[-] Scolding7300@lemmy.world 5 points 10 months ago

For AirDrop? There's a FOSS AirDrop?!

[-] southernwolf@pawb.social 15 points 10 months ago

While I have little respect for Apple's overall privacy practices, this sounds a lot like the CCP making something up to scare protesters and dissidents from using AirDrop. There's no sensible reason they would be advertising such an exploit openly, especially when it could potentially be used to secretly spy on dissidents, protesters, or even used in foreign espionage. Something doesn't sit right with this.

[-] BearOfaTime@lemm.ee 9 points 10 months ago

Well, if Apple doesn't fix it (like they haven't fixed the iMessage flaws they've known about for years), then it's still useful.

And most people won't even know of this issue, and they'd still use AirDrop anyway, saying "I'm not interesting enough to spy on".

iMessage lacks forward secrecy, so if I get your RSA key, which never changes, I can read all your old messages and any new ones too. And that's just one issue with iMessage. And people don't know about it, and still use it, thinking it's secure. (It's pretty good in my opinion, just wish Apple would fix the issues in the linked article.)

[-] ebits21@lemmy.ca 11 points 10 months ago

Oh China, you rascal.

[-] Apollo2323@lemmy.dbzer0.com 7 points 10 months ago

This is a great podcast about the vulnerabilities China has for their own only...

Click Here: 101. Bug bounties with Chinese characteristics

Episode webpage: http://www.recordedfuture.com/podcast

Media file: https://chrt.fm/track/DG79BE/traffic.megaphone.fm/RFEI8990516258.mp3?updated=1704745626

[-] yogthos@lemmy.ml 3 points 10 months ago
[-] bappity@lemmy.world 2 points 10 months ago* (last edited 10 months ago)

only reason that I can see why they're saying they've done this has to be some kind of scare tactic

would be a bit stupid to reveal this hand otherwise

[-] kworpy@lemm.ee -1 points 10 months ago

You guys are gullible as shit if you think this is real. This is yet another bullshit scare tactic by the Chinese government. Also these articles are hardly even sourced and are just copypasted from other news sites to farm clicks.

[-] possiblylinux127@lemmy.zip 2 points 10 months ago

Yeah this does smell fishy. The Chinese government is quick to manipulate and lie and I doubt they would want to get people not to use a service they can break.

[-] WebTheWitted@beehaw.org 1 points 10 months ago

Ahh, that makes sense. I was wondering, "Why the hell are they announcing their zero day to the Internet?"

[-] Outtatime@sh.itjust.works -5 points 10 months ago

China has deals with Apple in that the government can spy on any Apple devices for Chinese citizens.

this post was submitted on 09 Jan 2024
272 points (96.9% liked)