iMessage for Android is a Security Disaster
- Added 2. 06. 2024
0:00 iMessage for Android is a Security Disaster
3:23 Nuclear Facility Hacked by Furries
5:45 Is SIM Swapping Coming To an End?
Sources:
9to5google.com/2023/11/18/not...
arstechnica.com/gadgets/2023/...
arstechnica.com/gadgets/2023/...
texts.blog/2023/11/18/sunbird...
nothing.tech/pages/nothing-chats
go.theregister.com/feed/www.t...
therecord.media/agencies-inve...
www.darkreading.com/ics-ot/id...
www.bleepingcomputer.com/news...
www.eastidahonews.com/2023/11...
therecord.media/fcc-new-rules...
news.ycombinator.com/item?id=...
docs.fcc.gov/public/attachmen...
arstechnica.com/security/2023...
docs.fcc.gov/public/attachmen...
therecord.media/sim-swapping-...
Enforce a 24 hour delay BEFORE any sim replacements and notify the customer by email and sms that the sim swap is going to be performed and to contact the carrier if they didn’t initiate it. Blocking SMS for 24hrs after is dumb, better to prevent the sim swap rather than mitigate the consequences.
Sadly it seems cure is better than prevention with the world! I don't get why but could be the false idea that a penny saved today is a pound/dollar tomorrow...
This is down to not contacting experts in the field before drafting legislation.
Just reading it with a skim, it sounds like a 5 year old drafting how we should handle police interactions with criminals:
"They err... police should be like nice to the criminals, unless the criminals are like bad... err something something... we need to be nice to people"
I mean, why not ask for the PIN and PUK of the old card????? Otherwise, in case you lost PUK, you need to prove your identity since it is expected to be tied to your name, if not, byebye, your fault for losing the identifiers.... This is just super easy to mitigate without ANY technical aspect.
Notify by sms is borderline stupid because if you lost the card or it does not work, how would you get the SMS? LOL
@@MrLuisrodrigues154 🤦 you need to think a little harder
on every sim change there should be a code that should appear and must be written somewhere. Whenever there’s a sim change there should always have that code in, it isn’t that hard
Completely not surprised about Nothing Chat. The first eyebrow-raiser was them relying on Sunbird for the actual messenger, even aside from their track record, it doesn't inspire confidence. If Carl Pei cared about actually correcting a disparity, it wouldn't be exclusive to their phones to start, and second, it wouldn't be closed source. As for SiegedSec... They sure have a unique gimmick
Let's be clear nothing's app was a gimmick
@@he8535 Pretty much
Sunbird as always suspicious, and it never even worked half the time
I didn't know who Sunbird was when it was mentioned, so naturally I tried to look it up to read their "privacy policy". Even though they presented themselves as a U.S. registered company, I couldn't find anything, even on SEC's website. No history, no registration, nada.
It raised very damning red flags, together with the fact that as a software engineer, I was already suspicious of how this could possibly work with end-to-end encryption, if it piggy-backed off Apple's servers without an Apple ID, but instead with a custom login. Only a single search later revealed the Twitter stream about the logging issue, and later revealed everything else like a domino effect.
Hey! I'm the author of the blog post referenced in this video for the 'Nothing Chat' story.
I just wanted to say that this video is VERY well made and a great representation of the entire situation.
The story-telling and animations are really great, well done!
Thanks for pointing out such obvious flaws.
@@nnnik3595 This feels passive-aggressive. 😂
@@ridafkih it isn't though. The world is made safer because people look
That being said, if you are using nothing chat to avoid being bullied over a green bubble, those people deserve to have their privacy violated. The solution is to use Signal for everyone else.
I understand it can feel silly to care about it, but I don't think anyone deserves to have their privacy violated, even if they care about fitting into frivolous societal norms. :P Signal has its drawbacks as well for your average user! @@blisphul8084
Forget the Nothing/iMessage disaster for a second... Nobody should be forced or needed to develop solutions that solve people's ignorance and stupidity. The whole green/blue bubble debate is ridiculous on its own...
Originally it served a real purpose. Now people just use it to be snobs.
I smell a green bubble here 👃
@@somedudeonyoutubefrfr I'll get on your level: ratio
It's even so ridiculous that most parts of the world don't even care about iMessage. There are other messengers working with both operating systems.
iOS is going to support RCS next year. This will not remove green bubbles and I don't see any issue with it as long as RCS is there. It just simply lets the user know the guy is coming from a non-iPhone phone.
Make it illegal to use phone numbers for auth, YES PLEASE!
The furry hackers story reminds me of the florida man who abducted a scientist to make his dog immortal.
Especially when you consider the fact that creating (or attempting to create) irl catgirls would technically break international law.
Frankly, of all the weird stories about crazies, that one makes like... at least sense...
@@FrostBird347 only technically?
@@ryan1696 Quite literally. Tampering with human DNA is illegal altogether. Not to mention that resulting abomination will live short and quite painful life.
@ryan1696 you could indirectly do research with that goal in mind by working with other organisms (e.g on monkeys).
Of course you would still need to switch over to people at one point or another, however their demand didn't state that they had to actually make them: they just had to "research creating irl catgirls".
(I will point out that personally I think it is a horrible idea, but the morality of it isn't really the topic of this discussion)
didn't expect to hear Seytonic say "meow meow meow.." 😂
Loudly even. I bet he was just looking for an excuse to say it!
>gay furry hackers
>catgirls
Yeah I don't buy it
It's gay/furries. They have both
girls can be gay?
This gives off similar vibes to "No Entry, Entrance Only"
3:35 I never imagined Seytonic saying those words, but here we are
UwU
@@shulbywolf Just no.
I just can't wrap my head around the fact that people care this much about the colour of the damn chat bubbles 😄
The bias carries over from back when you had to pay for SMS.
yeah it's crazy. also it's completely the reverse in eastern europe or at least here in poland and people will ridicule you for buying an iphone lol
It's not just the colour. It's the features! iMessage is an own feature-rich protocol, that allows media share, use of the full Unicode, group chats, confirmation of receipt and stuff like that. It has all the features of a modern messenger. SMS can't provide all these features. Unicode is just available over an optional additional protocol and not used by all phones. Media shares only work over MMS. The length of texts is limited. There is no option for group chats and SMS uses a horrible completely outdated encryption and even this encryption isn't end-to-end.
The industry solved this issue with RCS in the meantime but this isn't available in iMessage yet. RCS will only come to iMessage in the future.
@@king_james_official based
And it's google and android users who laugh at iphone users are pushing for this.
4:40 I bet it was causality... they were fishing for a particular exploit and INL happened to have it
yeah this seems obvious, but apparently not if only you and I are here...
also probably it went like this...
1. find fun exploit
2. search web for vulnerable people to exploit
3. shocked to find a national lab doing nuclear research vulnerable to simple hack
4. decide to out them publicly so politicians funding them and administration of the NLs can't sweep their garbage IT failures under the rug or downplay the risk and are forced to actually get their sht together and protect nuclear research secrets..
5. add furry demands for the lulz
Thank you security researcher for doing the hard work.
however, it probably wasn't that hard!
@@floppa9415 We got our hands on a Nothing Phone 2 to get access to the APK, modified some of the smali bytecode to allow us to utilise dynamic code injection with FRIDA to hook into the code in order to disable their device check and SSL pinning so that we could inspect network traffic during a successful connection. After that it was intercepting requests, exploring the permissions for the Firebase instance, and playing out attack scenarios! It's not uncommon for us to discover vulnerabilities during reverse engineering of applications, but you're right in that these ones were less-than-advanced level mistakes resulting in very easy-to-find issues.
Our initial findings were also immediately dismissed by Sunbird as they doubled down on their implementation, so we dug a little deeper when we prepared our bigger report / blog post.
It's always interesting to see that iMessage is even a thing that people use in the US.
It's used in a few other western countries like Australia and Canada. But a text being green ruining your day and being the sole reason you'd end a friendship is a very American thing to do
Telegram supremacy
@notaplic8158 I still don't believe that's real. Lots of people say hyperbolic things on the internet. While the blue bubble is seen as elite by some teens because Apple has a cult following, I have yet to see proof of friendship ending or real shaming.
@@notaplic8158 Yea, here in Europe more people have Android than IPhones, so everyone uses some common app like Whatsapp, Telegram etc. Never had to think about what kind of phone another person has 😅
It's fucking hilarious seeing people proudly using iMessage looking down at others when they're literally bottom of the barrel clowns themselves. Even Whatsapp is better in every conceivable way including privacy.
I think SMS should just be used as challenge transfer channel (like TCP) and not as proof of authentication. That would force reliance on higher level app like password manager or any other type of OTP/key authentication method.
i don't know what i expected from a video titled "iMessage for Android is a Security Disaster" but I DIDNT THINK NOTHING WOULD NOT even use HTTPS!
I first thought "what the fuck" when I watched Marques' video the second I heard they're essentially transferring your auth credentials over to a shared mac sitting in a server farm. I thought it'd be bad, trusting a remote computer used for a cheap marketing gimmick that other people also have access to, but never did I think it would be this bad, holy shit even I would immediately think to force HTTPS for credential transfer, what were they thinking?
Here in Brazil we need to confirm a lot of personal information and some carriers even ask for a photo holding a document before SIM swapping.
Wow, this app really turned out to be NOTHING related to privacy promises
Oh how do I love Community Notes on Twitter. Probably the only good thing Elon Musk added, only to be community noted himself. :D This is such a great feature.
getting hacked by furries is the biggest L ever
*biggest W
You'd be surprised about how big the overlap between furries and cyber security experts/hackers is
Not really. Considering that security in hacked places will be "meh" even in 90`s...
@@brr349 real
@@brr349 RCS or "Rich Communication Services" Furry can't hack it
Hey seytonic, what do you think about beeper? Are they any different from sunbird? Apart from being open sourced...
Nothing really lost their face with that one
Now I won't consider buying their phone.
The guy interviewed looked like he had been smoking something!
I know people who work at INL! I hope the Feds crack down hard on these hackers for their crimes.
I say they should donate to cat rescue organizations.
Agreed. INL seems pretty important and if they had released sensitive documents or anything like that it would be a disaster for national security
>telemetry
>not sending private user data
pick 1
Of course it is! When people say things like don't worry about privacy, they're not worried about privacy.
Security disaster was a first thing that came to my mind when I saw their video about I-message on Android
2FA should never be over text, it's really not a big deal just to get the authenticator app or click your hardware key. I hate how my main bank exclusively uses SMS too.
Apple be riding high on this thing to promote iMessage rn 🤣🤣
Finally a new video!
nothing says getting sensitive data stolen like "meow meow meow meow meow meow meow"
The grammar of that sentence is actually correct. Feline grammar is complex and often requires body cues for clarification.
We live in the clown world timeline... wow.
Really makes you think for years Apple never released support for RCS and then this company makes a way... sketchy or not to connect Android devices with apples devices, and then apple releases they will be doing RCS support. I wonder why... could they be hiding something? Who knows
They will support RCS because the EU is trying to make them anyway. They just decided it wasn't worth waiting for it to happen.
So basically Nothing is as secure as SMS, down to logging messages as logs
A Purrrfect example of Cause and effect!
Wow, the horror. I wonder what else they've messed up.
Here in Hong Kong, a government-issued photo ID linked to the cell plan is needed to swap SIM cards
What if you are under 16? Most people as young as 12 have mobile plans here in the U.S.
@@IAmComicallyCartoonyYKnow here, everyone over 11 is required to have a photo id. Also, mobile plans for minors are registered under a parent's name and ID
@@MC-dz3mr In the US you can buy prepaid sims without any ID
I kinda like that its possible to get one without any id
good for privacy reasons I guess
They should use the photo to make a QR Code
@@MC-dz3mr hm.
7:29 it's been a thing for a while in Russia, which I never realized why that is whenever I recovered my SIM
iMessage on Android would be handy for someone migrating away from Apple to an open source phone. Green messages indicate reduced functionality using MMS, and people blame the one Android user for downgrading the chat rather than Apple's evil design decisions that keep iMessage closed. The story of the colour being only a superficial fashion thing (people love to judge) diverts attention away from Apple.
Future reports on cybersecurity history are going to be fascinating.
LOL the Raccoon saying "I regret nothing" Facts! Keep up the good work Seytonic! Love the content wish you would do more!
btw i watch all your videos all the time ngll
As a Nothing user, it sounded cool but after downloading it and being told to use another device to scan something i just felt so sketched out
I'm going to be honest this is the easiest thing to fix its called, tunneling. That way regardless of if "your" protocol is secure that protocol you are working with will be.
4:32 I was wondering what the "certain corners" link lead to.
So I checked, and it's just a link to the Know Your Meme page on "Genetically Engineered Catgirls"
6:39 I think you mean at-last! Most European providers have security measures like dedicated passwords against SIM swap already for years
My dad works at the INL and his email has already had tons of attempted logins.
Woah that is crazy this means that absolutely no one there has any idea what they are doing in terms of security. No one actually stood up and said wait ... this is not right.
nice work
Imagine caring about the color of a text bubble in an app on your phone.
Finally, a sign of intelligence
can someone tell me what that entire thing is about?
I was excited for the nothing phone initially, now, not at all. 2FA via SMS makes me hella paranoid.
3:22 they should make a third color
That's what you get for being vain. Nothing did some sketchy stuff, especially with the release of their 1st earbuds. They make claims and sell overpriced sh1t products. I kept getting surprised every time a youtuber talked about their CEO and the company at all. I failed to understand as the company wasn't doing anything special. Pretty sure now that all those "influencers" were just getting paid top dollars.
Never trust youtubers, especially if they're hyping sketchy products.
"for being vein"
a tube like structure for moving blood around the body?
I think you mean vain.
I think the real vanity is in the sad americans who judge people on the colour of a bubble.
Vein - a tubule for the transporting of blood in an organic structure such as a brain. You are speaking about bloody things my friend.
@@PWingert1966 many thanks. Vocabulary accuracy and grammar range are at utmost importance when trashing others.
@@grizzZlyBear I can offer you a link to Eats, Shoots and Leaves! A concise guide to clearer writing for better communication! Now excuse me while I contact my phlebotomist to draw blood from my vein for my annual assessment by my physician!🧛
He should have said quote "meow meow meow meow meow" that would make it more professional.
*Clears throat* "meow meow meow meow meow meow meow" 3:46
I heard about furries hacking some laboratory, and I even joked about it in our community but wasn't expecting to see details here
Nothing phone nothing chat nothing encryption 😂😂
0:09 😮😮😮
You should Make a video about the massive ALAB medical hack in Poland
oh god I haven't laughed this hard in a long time. irl catgirls would be nice.
Secure would be nth digit of a code so employees don't see or need the whole number
Allow me to shed some light on this. Those of you who don't understand are likely older than people who are in Gen Z. To people in Gen Z, who make up over 80% of iPhone users if I'm remembering the study I saw recently, the blue bubble is a status symbol. In today's world, it is similar to wearing Abercrombie and Fitch in the early 2000s. It's something that the cool, popular kids did. The poor kids did not wear the latest trendy clothing, and people associate the green bubble as being a poor Android user. Obviously this is not true in a lot of cases as for example the Galaxy Z fold 5 is worth more than an iPhone.
A lot of people say this but this isn't really the reason why green bubbles have such a stigma. One of the biggest reasons is that the MMS protocol is just generally worse for a lot of reasons (mainly Apple's fault) and that just one person being an Android user in a group chat ends up forcing the entire group to have to also use MMS. Coverage can be really spotty and especially around my school where the thick walls and dense trees surrounding the area are enough to render MMS messaging impossible in a lot of spots around the building.
@@homebrew07 I think it's peer pressure and people giving you a bad time if you don't use iPhone. I don't think average people put much thought into phone purchases outside of what's trendy and what everyone else has.
log sms in sentry would cost a crazy fortune, imagine a huge user base...
Even with 25 million errors, not just logs. It only costs $4000. Which is less than half of a developer’s salary.
Not sure what you are referring to here.
@@junzhengca ok, you are right, I overlooked some things, didn't have the best judgement.
The owner looked high as a kite
why do ppl want to use imessage instead of for example signal
why do ppl want to write down communications rather than using their highly evolved vocal cords to deliver said message in a far speedier time frame?
@@sam3317 because yes I am people hi
@@sam3317 Ladies and gentlemens...we got him. That one MF who keep sending VM`s.
5:00 We get irl cat girls?????
So it’s literally just an echo chamber that repeats the message by copy-pasting it… and doesn’t even encrypt it at all…
Norwegian banks use a code device that you have to manually press to get the code. This is the most secure because it's a physical device.
.......and the main draw for nothingchat, the "android imessage" that the title refers to, is just... blue text bubbles.
i fucking love this planet.
RIP Linode.
what about beeper?
LMAO that hack is just hilarious
Why don't they just register fingerprints, and it get checked by the government, so to have new sim or change it, scan fingerprints
Terrible idea.
There's not really a reason to use iMessage except for iMessage games when rcs comes out
Blocking sms is pointless. In the era of wfh you would be unlikely to realize the issue during the workweek.
lmfaoo goodd videoo mann
Nothing says small d energy like downloading a messaging app to get blue bubbles. Google showed the big D energy by dropping RCS and shaming apple into using it. All the features and still the rebellious nature of the green bubble
Apple is the enemy, other people are just catch up.
Lol a tech company is your enemy? You might need some hobbies
What is SIM swapping in the context of hacking?
HACKING NEWS???? HOW DID I END UP HERE
What about email based 2FA
Nothing really fumbled the bundle ey
Why didn't they delete the video also an Android user can just use a messaging app that use blue as the colour of the message bubble
i also use vodafone
Imagine getting hacked by people in fur suits
They’re ruining our reputation lol
Well that didn’t take long
this is a lawsuit waiting to happen
Why would an Android user want iMessage? Don't most of us pick Android because we want nothing to do with the Apple ecosystem?
Blue bubble green bubble
@@BlueMario5192 Sooo...literally racism, but on internet among coomers?
@@alexturnbackthearmy1907 maybe
@@alexturnbackthearmy1907 Pretty much yeah.
Fr we don't want iMessage for Android
this timeline is weird
"mmmm yummy data" these guys need serious help what the fu-
Nah, at least they’re not afraid to go against the government when the government does something wrong
Finally a normal reaction to uwu gay weirdos
Was it really a disaster? Or was it the greatest phishing attack?
Why would you want to pretend to be an Apple user lmao
Blue bubble green bubble thats the explanation a stupid war but I am done😊
Deep insecurity, they should get a therapist.
Ok,....why would you believe what a CEO says about his own product? They will for sure not tell you the truth 😂
nothing must be paying apple a lot for all these Mac minis 😂
Yeah INL needs to be shut down and remade. RIP all those jobs.
Griftonomics!
People should be using signal
meow meow meow meow meow meow meow meow meow meow, great success :3c
meanwhile huawei doing this natively
Nothing chat seems pointless since it cant even do what imessage is used for. Like games and stickers
'Let's play 8ball!'
We live in a world where gay furry hackers can force enterprises to genetically engineer catgirls...
What a blessing.
something worth living for
INL is borked for sure.