this post was submitted on 09 Dec 2023
619 points (93.7% liked)
Technology
58303 readers
14 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
“Oh, what’s this unauthorized bullshit on our servers?”
[block]
I’m just surprised that it took this long
same. there seems to be a lot of people that don't realize some things don't get done, not because they're impossible, but because as soon as they do it a company will put a stop to it.
it's like cracking a Xbox or something. the very next patch will render the method obsolete and nonviable. when i heard this workaround was coming for Android, my immediate reaction was how long it would last before Apple just changed something so that it doesn't work.
My bum has a crack, can they fix that?
Back it up on my hard drive and I'll close your gaping security hole with my hotfix, sweetheart.
Their hope was that they got close enough to an actual Apple device that breaking it would break Apple devices. It turns out they weren't close enough, but they could be with a few improvements.
Probably had to be extra careful to test. MDM software software might get glitched out.
I'm really curious about how it was detected, how it was different from Apple devices. If nothing else I'm looking forward to reading about how that all worked.
It is usually easy to detect a specific client. Like even if you ignore the keys there are dozens of little details like the TLS fingerprint of whatever library they use not matching iOS. Things that are easy to miss and sometimes hard to bypass. Then there are heuristics on how it is used is likely unique.
From what I understand, their guess is that Apple is now checking if the device also has support for other services, such as FaceTime. Beeper Mini and pypush don't pretend to support FaceTime, so it breaks.