• jdrch@lemmy.world
    link
    fedilink
    English
    arrow-up
    8
    ·
    edit-2
    11 months ago

    Yeah I was wondering how they were pulling that off without registering the phone number or iCloud account with Apple. Thanks @BearOfaTime@lemm.ee for the explanation.

    In any case, this also shows that iMessage can be spoofed.

    • BearOfaTime
      link
      fedilink
      English
      arrow-up
      12
      ·
      edit-2
      10 months ago

      They were registering the number and iCloud account, that’s how it works.

      They just built their own ANP service to interface with GCM.

      I tried it, it used my existing iCloud account to send messages. Couldn’t do that if it didn’t connect to iCloud and get the RSA key.

      As a matter of fact, to stop using it you have to de-register your phone number from iCloud.

      If you read the apps or devs docs it’s all explained.

      • jdrch@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        11 months ago

        to stop using it you have to de-register your phone number from iCloud.

        Ah, TIL. I was wondering that. I’ll avoid it then.

        • FierySpectre@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          11 months ago

          Well the whole deal was that you were interacting with an official apple service directly… so having to register for an apple account doesn’t seem that strange.

          They merely took out the intermediary step of the relay with real apple hardware (Macs)