

Apple Stealing All FaceTime Information, AT&T Locks Users via OTA Updates - biafra
http://www.addictivetips.com/mobile/leaked-apple-stealing-all-facetime-information-att-locks-user-via-ota-updates/

======
tptacek
Or, to put it differently:

The arms race between unlockers/jailbreakers and Apple proceeds apace, _and_
FaceTime lacks enterprise-level security features.

The hedline on this article is pure linkbait.

~~~
madair
_once a person connects to another person on FaceTime it for some reason non
of us in the office can figure out, sends us APPLE a message and says those
two people are connecting via Facetime and gives out their location to us. So
for whatever reason we need that information just blows my mind. As a consumer
why would you need to let Apple know that you are connecting with a person via
FaceTime, its non of Apple’s business._

That seems pretty bad.

~~~
astrange
> That seems pretty bad.

It's required so you can map phone numbers to the other person's IP address. I
assume it's also used for STUN (<http://en.wikipedia.org/wiki/STUN>).

(This is just me guessing, of course, but the "don't automatically assume a
huge conspiracy theory" method almost always ends up with me being right, so
there.)

~~~
madair
I wasn't thinking so much conspiracy theory...just marketing overreach, I
didn't think there's possibly a technical explanation that holds water,
interesting.

------
brown9-2
Not quite sure that some of this adds up.

The leaker _works in the iPhone Development Department_ , yet "no one in the
office" can figure out why the phone signals back to Apple when a Facetime
session is started?

The leaker doesn't have access to the source code? Or doesn't know who would
have implemented such a feature?

Or is this person simply not a developer?

------
petemack
MuscleNerd (of the iPhone Dev Team) said after looking through the code, this
is complete FUD.

<http://twitter.com/MuscleNerd>

------
37prime
Do I need tin-foil hat or should I call this a hit-piece on Apple?

~~~
CoryMathews
I hear tin-foil is coming back into style.

------
wmf
Assuming this is true, _good_. Apple has been having it both ways by publicly
prohibiting unlocking and jailbreaking while actually allowing it. Let them
choke on the bad PR their tight control causes.

As for the FaceTime stuff, there are only so many ways it could work. There
must be some kind of call setup signaling, and routing it all through some
Apple server is a pretty obvious way to do it. The lack of encryption is a
shame, though.

~~~
tptacek
The lack of encryption could be a resource constraint, or it could be that
getting encryption right[1] would have prevented it from shipping, or it could
be that they believe that trying to do a "Secure FaceTime" will retard
adoption of the protocols (which, it probably would).

I have an iPhone and bought it with eyes wide open about needing to honor the
contract it came with, and so I'm watching the jailbreaker battle from the
sidelines... and I'm cheering Apple on, not because I care one way or the
other about unlocked phones, but because the arms race is fun to watch, and
you kind of want to see the people who assume Apple can't win it get some
comeuppance.

[1] Lots of AV and telephony systems try to do secure calls with encryption
and they routinely screw it up.

------
jholloway
A poorly-written article with a ridiculously overblown headline on a random
blog from a completely unverified source. Awesome.

------
gte910h
It appears the commenters do not understand the claim of the article, is
without these frequent "optional" updates, the phone will self lock.

Seems like the sort of thing an unlock/hack will easily fix though.

------
biafra
The article is not claiming any lockdown command by AT&T. It says that the
phone locks down when it can't get a "mandatory" update. And it won't get the
update if it's not on the "right" carrier.

At least it seems possible. If Alpha is right we will know soon.

------
tzs
The parts that aren't technical are unsubstantiated rumor.

The parts that are at least somewhat technical are also clearly wrong.

I fail to see what part of this would be of any interest whatsoever to
hackers.

------
jsz0
I imagine when FaceTime makes the jump to 3G we'll see a "send my location"
feature. Would also be handy for use in voice calls too.

------
alex_c
Hardware DRM. Yummy.

------
GrandMasterBirt
1) Att already knows where you are. Its called cellphone towers :) Your
approximate location is known.

2) As if google maps or any other google service does not collect data on you.
So theres nothing special about this.

3) OTA updates is a brilliant idea. They want to lock their crap down, sorry
no hacking. They want to make it as difficult as possible. Only affects people
who don't abide by the EULA. Wait you do want to install ur own crap and not
abide by apple's istore policies? Get an android or stfu I guess.

~~~
tbeseda
I do hope that #3 is sarcastic.

