• @[email protected]
    link
    fedilink
    English
    8
    edit-2
    11 months ago

    Yeah I was wondering how they were pulling that off without registering the phone number or iCloud account with Apple. Thanks @[email protected] for the explanation.

    In any case, this also shows that iMessage can be spoofed.

    • @[email protected]
      link
      fedilink
      English
      12
      edit-2
      11 months ago

      They were registering the number and iCloud account, that’s how it works.

      They just built their own ANP service to interface with GCM.

      I tried it, it used my existing iCloud account to send messages. Could do that if it didn’t connect to iCloud and get the RSA key.

      As a matter of fact, to stop using it you have to de-register your phone number from iCloud.

      If you read the apps or devs docs it’s all explained.

      • @[email protected]
        link
        fedilink
        English
        111 months ago

        to stop using it you have to de-register your phone number from iCloud.

        Ah, TIL. I was wondering that. I’ll avoid it then.

        • @[email protected]
          link
          fedilink
          English
          211 months ago

          Well the whole deal was that you were interacting with an official apple service directly… so having to register for an apple account doesn’t seem that strange.

          They merely took out the intermediary step of the relay with real apple hardware (Macs)