Apple End-to-End Encryption

Find a flaw

Beware Cat Shirt $21.68

Rise, Grind, Banana Find Shirt $21.68

Beware Cat Shirt $21.68

  1. 1 month ago
    Anonymous

    >Find a flaw
    the phone itself is backdoored

    • 1 month ago
      Anonymous

      Is it backdoored for remote access or when it's accessed 1 on 1?
      and really, when is that backdoor actually being used?

      • 1 month ago
        Anonymous

        How ? Is it hardware or software ? Or maybe it has been engineered in a specific way to help NSA use one of its tools ?

        It's hardware.
        https://securelist.com/operation-triangulation-the-last-hardware-mystery/111669/
        Russians (Kaspersky Labs) got hacked through a sophisticated chain of exploits, and reported it. The chain is kind of moronic because it burns twice as much 0days as necessary, but most of it is irrelevant. The interesting part is that Apple left a magic debug address in their CPU that literally unlocks your phone instantly.
        >when is that backdoor actually being used?
        Nobody knows (aka "all the time, probably"). What's better, nobody knows how many of those backdoors there is.

        • 1 month ago
          Anonymous

          they can do this remotely through your hardware?

          • 1 month ago
            Anonymous

            It's entirely remote and zero-click, they can just send you a message invisible by you and have the complete access to your phone if they want.
            And no, they don't care about burning zero-days either, they amassed so many that they don't give a frick, according to the article above.
            You can assume shitdroid is even easier to penetrate, and your israelitetel/ayyymd/arm desktop also has something like that

          • 1 month ago
            Anonymous

            I was going to say though...if every mainstream CPU has this backdoor, what's even the point of noting it? like you can't escape it unless you use the shittiest of tech right?

          • 1 month ago
            Anonymous

            After all that has been uncovered, I don't think you can escape this at all, really. It's undeniable that NSA (and other competent agencies - GCHQ, FSB, chinese something etc) simply have unfettered access to anything, and it's not a matter of importance of you to them, they have increasingly vast resources and do it with seemingly non-important targets like entrepreneurs.
            It's actual material subversion by glowBlack folk regardless of their affiliation

          • 1 month ago
            Anonymous

            Well sure. I can agree with that. But it still helps to secure your data against everyone EXCEPT governments. And the governments only care if you're doing real psycho shit

          • 1 month ago
            Anonymous

            >And the governments only care if you're doing real psycho shit
            This may be true, but consider that the person in control of "the government" may not always be on your side.
            "The government" isn't just some mystical entity that exists to keep (You) comfy and protected in perpetuity.

          • 1 month ago
            Anonymous

            >everyone does it so you should just accept it
            fed

          • 1 month ago
            Anonymous

            >if every mainstream CPU has this backdoor
            He didn't read the paper.
            For the illiterate ones: remote+userspace exploits, first links in the chain, rely on iMessage, Apple's TTF and Apple's JS interpreter. Remove all of them, allow people to install drop-in alternatives on first boot, or at least make them optional, and it's going to become harder to cover all of the devices. Only after those initial steps kernel and CPU manipulation can occur.
            So CPU vuln risk can be reduced, mitigated with the proper OS.

          • 1 month ago
            Anonymous

            [...]
            It's hardware.
            https://securelist.com/operation-triangulation-the-last-hardware-mystery/111669/
            Russians (Kaspersky Labs) got hacked through a sophisticated chain of exploits, and reported it. The chain is kind of moronic because it burns twice as much 0days as necessary, but most of it is irrelevant. The interesting part is that Apple left a magic debug address in their CPU that literally unlocks your phone instantly.
            >when is that backdoor actually being used?
            Nobody knows (aka "all the time, probably"). What's better, nobody knows how many of those backdoors there is.

            That's an exploit, not a backdoor. The point of a backdoor is something your build in to "get in through the back". An exploit is like squeezing through the window or punching a hole in the wall.

          • 1 month ago
            Anonymous

            It's cringe watching you trying to be smart.
            > attacker "guessed" proper debug addresses
            > unused by everything else
            > how? Well, he's just smart

          • 1 month ago
            Anonymous

            Your own terminology proves your wrong. Its debug address. For debugging. Its not a backdoor. Hope things get better for you so you dont feel the inherent need to insult people just making posts

          • 1 month ago
            Anonymous

            >For debugging
            For ~~*debugging*~~
            They don't call it the "backdoor address" only because it's "innocent until proven guilty".

          • 1 month ago
            Anonymous

            I accept your concession

        • 1 month ago
          Anonymous

          This demoralized me when it released. Really all hardware post 2010 should be scrutinized

          • 1 month ago
            Anonymous

            >Really all hardware post 2010 should be scrutinized
            I mean we're talking CIA/FBI tech. If they're targeting you wtf are you doing

          • 1 month ago
            Anonymous

            doing journalism, for example
            glow harder

          • 1 month ago
            Anonymous

            well, if you're doing journalism, don't use a cloud service
            fair right?

          • 1 month ago
            Anonymous

            ok, then don't use the encrypted file hosting for...what exactly do you think applies to the normal person here? you know, someone who isn't a pedo?

            secure enclave in your cpu.
            it's impossible to extract those keys.

            I was going to say though...if every mainstream CPU has this backdoor, what's even the point of noting it? like you can't escape it unless you use the shittiest of tech right?

            >t.

          • 1 month ago
            Anonymous

            >Really all hardware post 2010 should be scrutinized
            impossibru, unless you have a super simple system
            it's possible by a huge org, but then you won't trust the results
            the only way is to reduce and simplify the entire digital world (hardware, software, ecosystem of potential installs, and actual deployments) to the understandable and verifiable subset, and that won't happen, ever
            enjoy the brave new world

          • 1 month ago
            Anonymous

            Yes, accurate. It's much like the notion of "if only we designed our own CPU's bottom up!". How? These are gloriously complex pieces of technology with skilled designers who spend their lives building upon the work of others. It is tempting to say "make it really simple", but that opens the way to brute force approaches.

            >And the governments only care if you're doing real psycho shit
            This may be true, but consider that the person in control of "the government" may not always be on your side.
            "The government" isn't just some mystical entity that exists to keep (You) comfy and protected in perpetuity.

            Governments are just centralised decision-making organisations, a complex of interconnected and overlapping institutions. A better term is "governance", or "network governance": government is the central core that relies on networks of non-state and non-agencified (i.e., created by government mandate but largely separate, and performing a defined function) to implement policy. Governments are also not homogeneous: they are composed of competing ideals, beliefs, ideologies, and personal/group preferences that shape the governance process. More applicable in decentralised systems we have in the west, rather than highly centralised (autocratic) systems (which do have their own advantages).
            Anyway, you are "safe" if you aren't a threat to the system in any way. If you are? See Julian Assange, or Edward Snowden (who now gets to camp out in Russia, lol).
            Oh, and I would say that Apple deserves the benefit of the doubt: their internal policy on collaboration with government is likely very strong. All you need is to insert one, or more "spies", or capture the information from Apple directly... or employ former Apple staff lol.

          • 1 month ago
            Anonymous

            Cool thanks for the definition.
            >Anyway, you are "safe" if you aren't a threat to the system in any way
            This is essentially the same thing you said before, and once again it's just a nice way to ignore the problem and stick your head in the sand.
            It's nice and convenient for your opinion that right now your activities arent considered a threat to the system.

          • 1 month ago
            Anonymous

            I never said it was a good thing. Privacy is for ten, even twenty years from now. Imagine being put in a camp because you questioned official narratives on China ten years ago, then got spooked by changing geopolitical conditions. I do not ignore this problem: the only things I can (practically) do are;
            1. Educate myself and build awareness of security and privacy issues.
            2. Increase my security, privacy, and anonymity.
            3. Try to communicate to others the ongoing and increasing risks, disseminate knowledge where possible.
            4. Learn niche coding skills so I can one day...

            STRIKE THE FRICK BACK.

        • 1 month ago
          Anonymous

          >Apple left a magic debug address in their CPU that literally unlocks your phone instantly
          kek
          this is the kind of meme security that iBlack folk shill daily?

        • 1 month ago
          Anonymous

          So why hasn't this been used for jailbreak yet, oh because it's a nothing burger?

          >Apple left a magic debug address in their CPU that literally unlocks your phone instantly
          kek
          this is the kind of meme security that iBlack folk shill daily?

          Yeah I'm sure your Qualcomm CPU isn't backdoored goy.

          • 1 month ago
            Anonymous

            >So why hasn't this been used for jailbreak yet, oh because it's a nothing burger?
            Because that specific backdoor has been closed now that it was uncovered by kaspersky

        • 1 month ago
          Anonymous

          here's an interesting black hat talk about this
          you can't buy a cpu without hidden instructions

    • 1 month ago
      Anonymous

      How ? Is it hardware or software ? Or maybe it has been engineered in a specific way to help NSA use one of its tools ?

    • 1 month ago
      Anonymous

      Did they ever end up patching that Pegasus vulnerability? Because It feels like it was just weeks ago I was hearing about Iran or something exploiting it again.

      • 1 month ago
        Anonymous

        I've heard that the Lockdown Mode prevents Pegasus from working.

        • 1 month ago
          Anonymous

          Pegasus uses a bunch of vulns, not just one. It's a system, not a specific exploit.

  2. 1 month ago
    Anonymous

    Apple has the keys Black person

    • 1 month ago
      Anonymous

      ADP is about them not owning the key moron

      • 1 month ago
        Anonymous

        And who will make sure of that? Trim Cut? heh.

        • 1 month ago
          Anonymous

          secure enclave in your cpu.
          it's impossible to extract those keys.

          • 1 month ago
            Anonymous

            >it's impossible to extr-ACK
            https://media.ccc.de/v/37c3-12296-full_aacsess_exposing_and_exploiting_aacsv2_uhd_drm_for_your_viewing_pleasure

          • 1 month ago
            Anonymous

            you really think the worlds most valuable tech company would give thier customers real privacy? lol

          • 1 month ago
            Anonymous

            Explain how these two things are even remotely related

  3. 1 month ago
    Anonymous

    >made by apple
    >proprietary
    >apple has backdoor keys
    >e2ee except they can see what you say
    >find a flaw
    par for the course fricking idiot IQfytard

  4. 1 month ago
    Anonymous

    None

  5. 1 month ago
    Anonymous

    It's proprietary. The code cannot be independently audited.

    • 1 month ago
      Anonymous

      RMS is myopic because he only concentrates on software. There's no clear distinction between software and hardware anymore.

  6. 1 month ago
    Anonymous

    It's a misuse of the term "end-to-end encrypted", because that would imply that it's only encrypted until it hits iCloud servers. I hate the trend of words not meaning anything specific.

    • 1 month ago
      Anonymous

      moron

      • 1 month ago
        Anonymous

        If it is not sending from one person to the other, it is a mediated circle, and therefore "end-to-end" isn't linguistically accurate. It's literally an encrypted NAS.

        • 1 month ago
          Anonymous

          >It's literally an encrypted NAS.
          that's a good thing right?

        • 1 month ago
          Anonymous

          It's e2ee between your apple devices

  7. 1 month ago
    Anonymous

    It’s Apple so it’s probably backdoored by the US government

  8. 1 month ago
    Anonymous

    >not open source
    What's stopping them from just straight up lying?

  9. 1 month ago
    Anonymous

    What's to stop Apple from silently "upgrading" you to a version which doesn't use E2EE any more?
    Would you even know if the hash of the iOS binaries had changed?

    • 1 month ago
      Anonymous

      can't you disable automatic updates

      • 1 month ago
        Anonymous

        How would you know if the updater ignored the setting?

    • 1 month ago
      Anonymous

      People will find out immediately. It’s not like they can remove it and no-one will notice.

      • 1 month ago
        Anonymous

        >People will find out immediately.
        Not if Apple target these stealth updates at specific non-technical users.
        The code would still implement E2EE, but it would simultaneously be storing an unencrypted copy of each message you send and receive.
        Then it could slowly upload that data to Apple's servers whenever the phone makes other benign connections to them.

      • 1 month ago
        Anonymous

        >It’s not like they can remove it and no-one will notice.
        They just need to send the keys along. It's an undocumented encrypted protocol liable to change at any moment ... a couple extra bytes of gibberish will alert exactly no one.

  10. 1 month ago
    Anonymous

    >Apple
    there's your flaw

  11. 1 month ago
    Anonymous

    Every breath you take
    www.inverse.com/article/16929-apple-watch-will-now-remind-ou-to-breathe
    Every move you make
    www.stopspying.org/latest-news/2021/10/1/stop-condemns-apple-for-tracking-iphone-location-when-turned-off
    Every bond you break
    acecilia.medium.com/apple-is-sending-a-request-to-their-servers-for-every-piece-of-software-you-run-on-your-mac-b0bb509eee65
    Every step you take
    www.komando.com/security-privacy/secret-map-tracking-apple/465598
    I'll be watching you
    www.thehackernews.com/2017/10/iphone-camera-spying.html

    Every single day
    https://sneak.berlin/20201112/your-computer-isnt-yours
    Every word you say
    www.foxbusiness.com/technology/apples-siri-is-eavesdropping-on-your-conversations-putting-users-at-risk
    Every game you play
    techstory.in/apple-slammed-by-epic-games-chief-for-spyware-tools
    Every night you stay
    www.iphonelife.com/content/your-iphone-spying-you
    I'll be watching you
    www.malwarebytes.com/blog/news/2022/11/apple-sued-for-pervasive-and-unlawful-data-tracking

    Oh, can't you see
    You belong to me
    truthout.org/articles/apple-employee-blows-whistle-on-illegal-spying-and-toxic-working-conditions
    How my poor heart aches
    With every step you take
    nakedsecurity.sophos.com/2018/08/13/siri-is-listening-to-you-but-shes-not-spying-says-apple
    Every move you make
    https://sneak.berlin/20230115/macos-scans-your-local-files-now
    Every vow you break
    appleinsider.com/articles/16/09/29/apple-acknowledges-tracking-imessage-metadata-and-sharing-it-with-law-enforcement
    Every smile you fake
    abc4.com/news/tech-social-media/yes-your-iphone-is-taking-invisible-pictures-of-you
    Every claim you stake
    wonderfulengineering.com/u-s-apple-store-employees-are-working-to-unionize-and-theyre-using-android-phones-to-keep-apple-from-spying-on-them
    I'll be watching you
    www.apple.com/child-safety/pdf/CSAM_Detection_Technical_Summary.pdf

    • 1 month ago
      Anonymous

      Very underrated post.

  12. 1 month ago
    Anonymous

    Wait, weren't they scanning all your files for CP? So now it's "E2E"?

    • 1 month ago
      Anonymous

      It scans it locally against a pre-downloaded DB with perceptual hashes

    • 1 month ago
      Anonymous

      It scans it locally against a pre-downloaded DB with perceptual hashes

      they didn't do the CSAM thing

      • 1 month ago
        Anonymous

        the code is sitting there, waiting to be deployed as soon as the governments "force them" to
        in reality, Apple is lobbying behind the scenes to get this mandate introduced so that only big tech companies can run encrypted file hosting services

        • 1 month ago
          Anonymous

          ok, then don't use the encrypted file hosting for...what exactly do you think applies to the normal person here? you know, someone who isn't a pedo?

          • 1 month ago
            Anonymous

            https://talk.macpowerusers.com/t/parents-who-use-google-photos-be-extremely-careful-what-you-upload/30389
            if you have nothing to hide, you have nothing to fear, right?

  13. 1 month ago
    Anonymous

    There are companies whos role it is to find exploits for apple phones and they sell them for big bucks to glowies and private contractors.

  14. 1 month ago
    Anonymous

    It's not true encryption if the company is somewhat relevant and has it's seat in the US

  15. 1 month ago
    Anonymous

    Is no use when FBI puts a gun to their head and tells them to push an update to steal all your shit. The operating system is always MitM and the operating system is end to end controlled by Apple.

  16. 1 month ago
    Anonymous

    Its end to end encryption. One end is Apple, you are the other end, and no one else can access your data.

    Only you and Apple can read your data. So you are safe

    • 1 month ago
      Anonymous

      apple doesn't have an encryption key for my data

      • 1 month ago
        Anonymous

        Read the thread dumbass, they just uncovered a backdoor that has been used for 3+ years, they don't need your keys when they can access everything inside your phone with ease

        • 1 month ago
          Anonymous

          so then why do they have you set recovery contacts in case you lose your password?

          • 1 month ago
            Anonymous

            Just a facade so guillible morons still think their data is safe. Apple always have means to expose your data but will never openly admit it so they can't get sued, they just claim its a "bug".
            Exposing admin passwords on plaintext.
            Saving disk encryption passwords in plaintext.
            Exposing said disk encryption passwords with no external tools.
            Nullifying internet secure connections with a double goto.
            Israel companies having something to unlock and spy iphones in every version since forever.
            Only a fool would trust apple with their personal data.

          • 1 month ago
            Anonymous

            They have no reason to hide anything unless the US indemnifies them. If some whistleblower fricks them, breach of contract would cost them money and good will.

          • 1 month ago
            Anonymous

            Except a hidden hardware backdoor that bypasses every security measure in the device tells you otherwise.
            Can't see how any sane person would still trust them after so many security blunders.

          • 1 month ago
            Anonymous

            They had to chain 4 exploits.

          • 1 month ago
            Anonymous

            4 chain?

  17. 1 month ago
    Anonymous

    *AHEM*

    There’s always a flaw.

  18. 1 month ago
    Anonymous

    proprietary

  19. 1 month ago
    Anonymous

    anon i can get paid 500k$ or more for this if i sell the flaw

  20. 1 month ago
    Anonymous

    >Scans the hash of every single file you have to cross reference with their massive database of every piece of CP ever known

  21. 1 month ago
    Anonymous

    Get the frick out of here apple shill

    https://securelist.com/operation-triangulation-the-last-hardware-mystery/111669/

  22. 1 month ago
    Anonymous

    End-to-End encryption is a myth.
    It's virtually impossible for the average joe to establish the connection in a truly secure fashion.
    In 99% of use case, there's a way to do a man in the middle 'attack'. Which is to say : the service provider itself will be the one fricking you over.

  23. 1 month ago
    Anonymous

    Apple, US government and Tel Aviv have access.

  24. 1 month ago
    Anonymous

    >END-to-NSA Encryption

  25. 1 month ago
    Anonymous

    Realize the "end" in e2e encryption is a proprietary application on a proprietary OS that you have no control over. That immediately invalidates e2e encryption. Same goes for proprietary applications like WhatsApp.

  26. 1 month ago
    Anonymous

    apple still holds the keys to icloud mail. would switch to entirely icloud if that wasnt the case

  27. 1 month ago
    Anonymous

    >end to iCloud to end encryption

Comments are closed.