• jdrch@lemmy.world
    link
    fedilink
    English
    arrow-up
    8
    ·
    edit-2
    1 year ago

    Yeah I was wondering how they were pulling that off without registering the phone number or iCloud account with Apple. Thanks @[email protected] for the explanation.

    In any case, this also shows that iMessage can be spoofed.

    • BearOfaTime@lemm.ee
      link
      fedilink
      English
      arrow-up
      12
      ·
      edit-2
      1 year ago

      They were registering the number and iCloud account, that’s how it works.

      They just built their own ANP service to interface with GCM.

      I tried it, it used my existing iCloud account to send messages. Could do that if it didn’t connect to iCloud and get the RSA key.

      As a matter of fact, to stop using it you have to de-register your phone number from iCloud.

      If you read the apps or devs docs it’s all explained.

      • jdrch@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        to stop using it you have to de-register your phone number from iCloud.

        Ah, TIL. I was wondering that. I’ll avoid it then.

        • FierySpectre@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          Well the whole deal was that you were interacting with an official apple service directly… so having to register for an apple account doesn’t seem that strange.

          They merely took out the intermediary step of the relay with real apple hardware (Macs)