On Friday afternoon, Beeper Mini on Android stopped working and Apple confirmed right now that it “took steps to guard our customers by blocking strategies that exploit pretend credentials as a way to achieve entry to iMessage.”
In a press release to 9to5Mac, Apple stated Beeper Mini’s “strategies posed important dangers to person safety and privateness.” Beeper’s first app — now referred to as “Beeper Cloud” — labored by routing iMessage by way of a Mac. Earlier this week, it launched Beeper Mini as a brand new Android app that exploits iMessage immediately. As we reported:
…the brand new app connects on to Apple’s service. That signifies that you aren’t signing into your Apple ID on a distant Mac or by way of Beeper’s servers – you’re simply signing in by way of Apple immediately. From there, messages and media are equally handed immediately out of your gadget to Apple. No Beeper servers (or anybody else’s) are in play right here, the corporate says.
Apple this night particularly cited the “potential for metadata publicity and enabling undesirable messages, spam, and phishing assaults.” Whereas Beeper, which used the work of a safety researcher that revealed the proof-of-concept on Github, is simply offering iMessage for Android, the assertion alludes to the potential of different events with extra nefarious intentions.
Moreover, Apple tells us that it can not confirm these faux-“iMessages” despatched by way of Beeper are solely accessible by the meant sender and recipient, or that they preserve end-to-end encryption.
Lastly, Apple says it “will proceed to make updates sooner or later to guard our customers,” with iOS 17.2 introducing iMessage Contact Key Verification.
As of Saturday morning, Beeper Cloud was re-enabled, however Beeper Mini remains to be down, although the corporate stated it was persevering with work on a repair. Beeper additionally took the step of deregistering Android telephone numbers on behalf of its customers, and prolonged the 7-day free trial one other week in order that customers aren’t billed ($2 monthly) whereas Beeper Mini is down.
Apple’s full assertion is beneath:
At Apple, we construct our services and products with industry-leading privateness and safety applied sciences designed to present customers management of their information and hold private data secure. We took steps to guard our customers by blocking strategies that exploit pretend credentials as a way to achieve entry to iMessage. These strategies posed important dangers to person safety and privateness, together with the potential for metadata publicity and enabling undesirable messages, spam, and phishing assaults. We’ll proceed to make updates sooner or later to guard our customers.
Beeper had the next to say after Apple’s assertion:
We stand behind what we’ve constructed. Beeper Mini is retains your messages personal, and boosts safety in comparison with unencrypted SMS. For anybody who claims in any other case, we’d be pleased to present our whole supply code to mutually agreed upon third occasion to judge the safety of our app.
Updating…
FTC: We use revenue incomes auto affiliate hyperlinks. Extra.