NSO Group iMessage Zero-Click Exploit Captured in the Wild (citizenlab.ca)
940 points by jbegley on Sept 13, 2021 | 326 comments



Why is it that iOS's PDF implementation has been the source of so many different exploits? This seems to be a pattern.


Adobe Reader/Acrobat used to be the go-to surface for exploits back in the day. It’s a huge specification.


PDF is basically a programming language, so instead of sending image data you send a program which is interpreted by the PDF reader to render an image on the client. That makes it really hard to secure completely.


It's not just iOS. PDFs have always been an insecure attack vector.


PDFs are hard and complicated?


A public university doing wonderful work again against state-sponsored spyware. Thank you University of Toronto! You restore my faith in academia.


Can someone explain like I'm 5 why it's so hard to prevent this?

I mean with a messenger app, you know you're getting some payload of data from a specific place, that goes through your own server, and is only ever going to be text or picture or video.

Why can't that be sufficiently sanitised en route and as it arrives to not have this kind of thing happen all the time?


Because the OS is too complicated; iMessage is a legacy app which is deeply embedded in the OS. And often the exploits are in things like the notifications, but iMessage is the easiest way to deliver the data to any iOS user.

And people will flame me for this, but part of it is because the language iOS is written in allows these exploits to slip in easily and all over the place, and the difficulty of stopping it is too great. There is a good reason Google has started migrating core components of Android to Rust and that the Google security team is pushing the effort for Rust in Linux.

The surface area for bugs becomes so much smaller when you can have a compiler eliminate whole classes of bugs.


The language might help the developers mitigate some issues, but it is definitely not a solution to bad legacy code, mediocre development and test processes, etc.


It isn't a panacea. Switching to Swift or Rust wouldn't prevent all vulns. But it would improve things. Modern code, strong developers, rigorous testing, static analysis, and fuzzing all make things better but they still consistently fail to enable developers to produce programs free of memory errors. This is true even for applications that have absolutely world class people doing these things.

You need all of it. Language safety is only part of the path forward, but it is an essential part.


In theory… Can you name a popular large project or product where memory safety issues have been overcome this way?


TBH you need to combine both; NASA uses safer languages and strict processes, for example. Simply moving to another language might mitigate some possible issues but definitely won't solve everything.


End to end encryption. The server doesn't get to see the data, so there is no chance to analyze/filter it on the way. All the parsing and sandboxing has to happen on user devices... and there's always one more bug left to exploit there, especially in a legacy codebase like iMessage.

This is one of the unfortunate downsides of E2EE: there is no way to do server side security on message contents, so you rely entirely on endpoint security. For a non-E2EE service it would be trivial to scan for, collect, and more easily block exploitation attempts.


Hadn’t thought about that! Thanks.


The relevant applications are written in memory-unsafe languages. For an application of meaningful complexity, it is virtually impossible to actually write a safe program in C or C++ and even more impossible to maintain that safety. The code doing the sanitization is itself attackable and the process of sanitizing complex media is very complicated.


I hadn't thought of it this way, of the thing being sent to defend actually being the point of attack - makes sense as a strategy.


Would turning off iMessage protect from this? Or would the iPhone still process the GIF through SMS somehow...?


Great question. Every cell carrier processes images before delivering to the recipient. Like, if you send 3 or more photos almost every cell carrier will downsize the images. While this isn't an extensive test, I just tried renaming a PDF to a GIF and it failed to send on Google Voice and T-Mobile.


You can disable MMS in

    Settings -> Messages -> MMS Messaging.


Recently my iPhone started rebooting itself occasionally and randomly. I've been a long-term iPhone user and have never seen this behaviour before on previous or current devices.

I'm not one to wear a tin-foil hat, but I have to admit NSO did come to mind.


My mom’s iPad was doing the same thing for a long time and I suspected hardware failure (it was getting kinda old), so I told her to take it into the Apple store for diagnosis and repair. It turned out that the iOS install was just corrupted by bit flips and the Apple employee did a factory reset and it was all good afterwards. There are many things that can go wrong with even modern computers that aren’t exploit related.


The worst part is it is all just too complicated to work out why. My desktop seems to freeze and fully crash once every few days and I have no idea why or even how to work it out. Since it is custom built, I can't just take it to the Apple store and say I want a new one.


It usually is the RAM that has developed a fault. Run memtest[0] to detect errors. Otherwise, in descending order of likelihood, it could be the motherboard, PSU, some driver/kernel crash caused by a peripheral, or a bad CPU.

[0]: http://www.memtest.org/#downiso


Unless you’re a high profile target, Occam’s razor says hardware failure.


Yup, probably a bad bit in RAM or a just-on-the-edge bus error.


Do you have reason to believe NSO Group would target you?


My fiancée already received a large group iMessage that had 40+ unknown numbers on it that all shared the same area code and first 3 digits of the phone number. The contents of the message were unintelligible (random words).


Probably spam?


Let's hope... we updated her phone. I'm wondering if a factory reset would be sufficient to blow away any malware.


Regular reboots and applying updates already go a long way. Factory reset can also help get rid of persistent malware.

But if she’s being targeted, you’re out of luck. No matter what she does, there’s always one more 0day that can be used in a watering-hole attack.


Kind of interesting Apple reacted as quickly as they did. It usually takes a lot of effort to get Apple to acknowledge anything. Or maybe because they didn’t request a bug bounty?


It’s because it is being exploited in the wild. Those bugs tend to get patched fast.


Apple always responds quickly to large security issues?


Because you can jailbreak the phone with the vulnerability.

And they don't want that :)


I have always wondered. Let's say my iPhone is infected with this malware, and I update to the latest iOS. Will my iPhone be back to normal?


In my Privacy settings on iOS, in Data/Analytics where the logs are, my iPhone has had a Pegasus framework listed since my iOS 5s.


Pegasus is the codename for picture-in-picture (and also the Swift Playgrounds editor that now powers Xcode).


When are we going to start building software differently so that exploits start going away?


Great question and how do you propose they do that?


Apple should know who works for NSO Group. It should block every single account of every single person working for that org. Same goes for their families.

Google should do the same for Android.

You do not fight organizations like that by fighting "organization". You make it very difficult for people who work for those organizations to participate in a society that relies on what they actively work on breaking. In fact, you tell Israeli government that unless they put a leash on its dog and lock it up in its backyard, you will start disabling accounts of every single person in Israeli government. When the government leaders cannot work their iphones, they will ensure that NSO does not touch Apple's products.


Which will accomplish exactly nothing, the same way that taking out cartel leaders does not reduce the flow of drugs.


Baby hackers that want to go work for NSO want to have a high life. Modern high life requires modern communications devices. Blocking them from modern life (for example, vaccine passports done via iPhone and Android) will quickly thin the ranks.

Blocking Israeli government officials from Google and Apple will immediately solve the "NSO is an Israeli company that is cozy with the government and gets government protection" problem.

None of the NSO group's clients would want to pay for it via suitcases of cash. And in either event paying with suitcases of cash creates problems in the modern world for those that receive the suitcases of cash.


there is a wide range of exploit brokers and a decent number of security researchers that choose $ over morality as long as there is demand there will be supply.


Don't let perfect to be the enemy of good. New broker pops up? Apply the same methodology.

Apple is a trillion dollar company. A broker is an ant. Squash it.


> Apple should know who works for NSO Group. It should block every single account of every single person working for that org. Same goes for their families.

NSO are suing Facebook - successfully so far - to force them to allow NSO staff access to Facebook when FB responded to NSO attacks by doing just that.


Facebook was suing NSO about the hacks that NSO carried out.

In this case Facebook, Apple, Google, etc should simply terminate the accounts exercising "we are deplatforming you. No explanation" option they all have.


The NSO Group is owned by Novalpina Capital, a British private Equity firm.


NSO Group operates at the pleasure of Israel. If Israel says "jump" NSO Group is going to respond with "Would you like us to have our tongues out while we do it?"


The simple solution for those who are concerned about this is to use a dumbphone. It's simple, easily hackable, and most importantly does not promote a false sense of security.


I believe it is completely wrong to believe that software can be made secure. It is inherently unsafe, by nature. I believe every internet facing computer should be partitioned in two virtual machines, one that connects to the outside world, and another that contains user data. Processes in the user data partition shouldn't be allowed to connect to the internet.

The result of current design is that I have practically lost the right to write and use potentially unsafe software, even if I wrote it - something I may want to do for performance or practical reasons.


People need that user data to interact with the internet and inevitably code from the internet will be introduced to the “safe” VM.


Ah nice, just parse incoming gifs in your iMessage with the same function that also parses PSDs. What could possibly go wrong? Gotta be DRY, my dude!
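A defensive check motivated by the renamed-PDF test earlier in the thread and by the comment above about one parser handling several formats. This is an added example, not code from the thread or from Apple; the sample attachments are constructed inline, and the idea is simply to refuse an attachment whose leading bytes disagree with the format its name declares before any parser sees it.

```python
"""Flag attachments whose declared type (from the filename extension) does
not match their actual content, judged by leading magic bytes."""
from typing import Dict, Optional

# Magic-byte signatures for the formats the thread mentions.
# PDF files begin with "%PDF", GIFs with "GIF87a"/"GIF89a", PSDs with "8BPS".
SIGNATURES = {
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF",),
    "psd": (b"8BPS",),
}


def sniff_type(data: bytes) -> Optional[str]:
    """Return the format implied by the leading bytes, or None if unrecognised."""
    for fmt, magics in SIGNATURES.items():
        if any(data.startswith(m) for m in magics):
            return fmt
    return None


def declared_type(filename: str) -> Optional[str]:
    """Return the lower-cased extension, or None when there is no extension."""
    if "." not in filename:
        return None
    return filename.rsplit(".", 1)[1].lower()


def check_attachment(filename: str, data: bytes) -> str:
    """'ok' when name and bytes agree, 'mismatch' when the bytes claim another
    format than the name, 'unknown' when the bytes match nothing we know.
    A mismatch is the case to reject (or at least log) instead of letting a
    content-sniffing dispatcher run a PDF parser on something named .gif."""
    actual = sniff_type(data)
    if actual is None:
        return "unknown"
    return "ok" if declared_type(filename) == actual else "mismatch"


# Constructed samples (hypothetical): a real GIF header, a real PDF header,
# a PDF header wearing a .gif name, and a PSD header wearing a .gif name.
SAMPLES = {
    "photo.gif": b"GIF89a\x01\x00\x01\x00\x80\x00\x00",
    "invoice.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n",
    "photo2.gif": b"%PDF-1.4\n1 0 obj\n",
    "layers.gif": b"8BPS\x00\x01",
}


def scan_samples() -> Dict[str, str]:
    """Run the check over every constructed sample and return the verdicts."""
    return {name: check_attachment(name, data) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in scan_samples().items():
        print(f"{name}: {verdict}")
```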


PSD should have the same fate as SWF. Maybe someday we will witness PDF exploits every month from iDevices.


Wow great work, thanks Citizen Lab! Everyone, please donate - we need this!


Now that this is out, it won’t be just NSO using it. Get it patched now.


If I knew anybody at NSO Group I'd start messaging them unsolicited PDFs and shit :P


Finally, there goes the 'Apple privacy myth'.


Why does iMessage automatically open every picture?


The message notification has a tiny preview of the attached image.


Then... the question now is why do they show a preview if the user can click the message himself?


Why hasn't Apple fixed this?

Why doesn't Apple sue such groups for violation of some EULA stuff?

Why isn't Apple improving their security testing?

Is Apple tacitly complicit with these?


Testing is hard. You need someone to understand the system. The problem with SW testing is that it is mainly used to verify requirements, not to find defects. Also, layers over layers of libraries do not help either (look how cool I am: instead of using libjpeg, libxpm and libpng I use imlib, which links to those and also introduces its own bugs).


I got a few of the Pegasus texts from the sketchy Gmail addresses; one was from way before the public even knew about it.

I'm a scrub at a random software company, I'm not a criminal by any means, maybe a bit paranoid (barely any online presence).

Anyone have a similar experience? Or any advice or explanation as to why I'm so interesting?


You have a similar number or username to their high-value target?


So I have to update to protect myself from Pegasus/NSO and in the meantime install the next beta of the CSAM scanner.

Hmm. No. I deleted all my apps and photos, using it as a phone and banking app terminal. Phone call metadata is collected by governments by default, so I have no problem with this. I have nothing to hide, and nothing to store on Apple devices.

Someone more paranoid than me told me an outrageous theory: Apple wants to take part of the Pegasus-like spyware market by providing a legal and user-approved backdoor for governments through CSAM. I don't believe it at all. :)


> I have nothing to hide

Don't underestimate the value of privacy. How much (or little) you have to hide is something worth hiding. It's what you do and don't know, do and don't say, do and don't communicate with, this is all important to keep private by default.

There's a tendency for individuals to assume the role of would-be criminal in these discussions. It's more correct to assume criminals exist on all sides: do you have any interest in enabling a corrupt government to surveil its law-abiding citizens? When you don't have privacy, you enable potential criminals in power to see if the populace is aware of their actions, or absolutely distracted by Instagram. We're all potential witnesses to crimes, and at this point it's exceedingly likely we'd communicate those observations via smartphones. We all require privacy and secure communications, full stop.


This line of thinking is predicated on two assumptions:

1) That the local authorities are essentially malevolent

2) That it is only the individual's (privacy/security) measures that are deterring the malevolent authority from exploiting them

For most Americans/Europeans, both of these assumptions are false and based in paranoid fantasies. Local authorities are rarely malevolent (though they may commonly be corrupt and excessively self-interested and not care about you), and it is virtually impossible for the average citizen to mount a home defense (real or cyber) against a committed state actor, or even local PD. It's like trying to secure a VM guest from access by the host machine; you're completely surrounded.

I fully support protecting yourself & your privacy against petty criminals, but unilaterally taking on your government is frankly just a waste of life.


It is a sarcastic comment depicting the general state of things.

Normalization of surveillance and acceptance of this "new world" by the general public through manufactured consent by the corporations, media and governments is staggeringly fast.

There is no substitute for privacy, whatever the perceived motivation for the "common good" brings to the table.

My personal decision is to avoid the surveillance state by using FOSS solutions and abandoning smartphone habits.

There must be a place for design and software solutions outside the "status quo". I started this year by removing Apple from my business and moving along to educate my customers about incoming dangers to their businesses and personal lives.


Is there any confirmation this new release has any CSAM scanner stuff in it?


At this point in time I would not believe anything Apple is saying. After all the backlash they just postponed it, to make it better and to avoid negative PR for the new iPhone.

Traces of CSAM are found in iOS 14.3 https://appleinsider.com/articles/21/08/18/apples-csam-detec...


> I would not believe anything Apple is saying

Rather than spending all your time moaning about them, just don't use their devices. Nobody is holding a gun to your head forcing you to use an iPhone.


What a response. Apple moaned about privacy for years. Not me. Apple used big billboards all over the world with a clear privacy message. Only to create the biggest intrusion on user space, circumventing the 4th Amendment by introducing scanning by third-party private corporation criteria (funded by the DOJ). Creating a precedent in which all governments will be able to snoop and classify. And I am "moaning". GTFO.


I guess it is true what they say about snowflakes.

