WingNews logo WingNews
top | item 38534166

(no title)

bgorman | 2 years ago

My prediction is that Apple will start to use attestation (device check) to lock down iMessage. The problem is that this would require a software update for older devices.

discuss

order

kotaKat|2 years ago

They already partially do.

> Warning: In order to generate the “validation data”, pieces of information about the device such as its serial number, model, and disk UUID are used. This means that not all validation data can be treated equivalently: just like with Hackintoshes, the account age and “score” determine if an invalid serial can be used, or if you get the “customer code” error.

The "customer code" error is a prompt from Apple, basically an attestation failure -- you have to contact Apple Support to get your Apple ID unlocked once you've tripped the failure. Legitimate customers will breeze right through (eg, just approving your login from your legit device), but Hackintosh users use crafty means to fake their way through the process.[1]

[1]https://old.reddit.com/r/hackintosh/comments/gij9rt/getting_...

blibble|2 years ago

remote attestation would mean it's not possible to pull out the binary and run it externally

you'd need the key from the TPM/secure enclave too, which is much much harder to extract

ocdtrekkie|2 years ago

Apple already provides security updates to all iOS devices made in the last 5ish years at least, so it would probably take a pretty trivial number of years for them to have an update deployed to nearly all iOS devices that see active use.

gafage|2 years ago

The iPhone 5s (released ten years ago) received an update earlier this year.

cavisne|2 years ago

It would require a hardware update for older devices I believe, ie any that don’t have TPMs

uf00lme|2 years ago

I think that is how BBM worked, but I could be wrong. I'd be surprised if it is part of the over arching OS security. Sounds like something that should be in their lockdown mode at the very least.