Posts Tagged: exploit

Apple confirms it has blocked iMessage exploit

It was never going to last. Ever since it was launched this week, the Beeper Mini app, which let Android users get iMessage text support, was expected to be in trouble as soon as it caught Apple's attention. And catch Apple's attention it has. Yesterday, the entire Beeper platform appeared to be on the fritz, resulting in speculation that the iPhone maker had been shutting down the iMessage workarounds. As of this morning, Beeper Mini was still posting on X (formerly Twitter) that it was working on and potentially fixing the outage, but with an announcement from Apple today, all that may be for naught. 

"We took steps to protect our users by blocking techniques that exploit fake credentials in order to gain access to iMessage," Apple said. "These techniques posed significant risks to user security and privacy, including the potential for metadata exposure and enabling unwanted messages, spam, and phishing attacks. We will continue to make updates in the future to protect our users."

Though Apple does not mention any apps by name, it stands to reason, given the timing of Beeper Mini's launch and recent troubles, that this refers to the loophole the platform was using.

Beeper's method sent users' texts to Apple's servers before moving on to their intended recipients, and was thought up by a high-school student. Would-be messengers wouldn't even need an Apple ID to access iMessage via Beeper Mini, though the Android app did offer end-to-end encryption for conversations between those on both operating systems. 

Apple also said today that it's unable to verify that messages sent through unauthorized means that pose as having valid credentials can maintain end-to-end encryption. Beeper had anticipated that this workaround might one day be shut down, and it looks like the Android-iOS messaging divide remains intact. For now.

This article originally appeared on Engadget at https://www.engadget.com/apple-confirms-it-has-blocked-imessage-exploit-012015485.html?src=rss
Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics

Anonymous claims responsibility for Moscow traffic jam tied to app exploit

On Thursday morning, Moscow’s busy Fili district became the site of a traffic jam unlike any before it. Motherboard (via The Verge) reports hackers used Russia’s Yandex Taxi ride-hailing app to order dozens of drivers to converge on Kutuzovsky Prospekt, one of the city’s main thoroughfares. The act caused traffic on part of the already congested street to come to a standstill for about 40 minutes while Yandex worked to address the situation.

“On the morning of September 1st, Yandex Taxi encountered an attempt by attackers to disrupt the service — several dozen drivers received bulk orders to the Fili district of Moscow,” a Yandex spokesperson told Motherboard. In a separate statement shared with Russia’s state-owned TASS news agency, Yandex said it reworked its routing algorithm following the attack to prevent similar incidents from occurring in the future. The event is one of the first known instances of hackers exploiting a ride-hailing app to create a traffic jam.

Several Twitter accounts claiming affiliation with Anonymous say the hacktivist collective is behind the incident. On Friday, one Anonymous account said the group worked with the IT Army of Ukraine, a volunteer organization formed at the start of the war, to carry out the attack.

Anonymous previously claimed responsibility for a cyberattack that took down multiple Russian government websites, including those belonging to the Kremlin and the Ministry of Defence. “Faced with this series of attacks that Ukraine has been suffering from the Russian dictator Vladimir Putin, we could not help but support the Ukrainian people,” the group said at the time.
