- Apple’s iMessage Exposes User IP Address and Device Details to Spammers. From Softpedia.
Apple might need to fine-tune the link preview feature the company added to iMessage in iOS 10 and macOS 10.12, released two weeks ago, in September.
According to Ross McKillop, this new feature contains an information leak bug that allows an attacker to learn an iMessage user’s IP address, OS version, and device details.
Link previews are the small content cards that appear whenever you type and share a URL in a chat window. IM services such as Facebook, Twitter, Skype, or Slack also provide this feature, which can be quite handy, offering a preview of what the link holds, without having to leave the IM app.
Tinder Social Engineering Attack. From hert.org.
The initial target has to be a male, the attack is less likely to succeed if we pick a female. Men propose, women dispose…
We swipe left until we find our target. We will call him, Bob.
We have to make sure Bob is attractive or the attack will probably not work. If in doubt we can ask a female friend.
We take a screenshot of Bob’s profile pictures and write down his biography.
Researchers Find Serious Flaws in iMessage Encryption. From On The Wire. New research from a team at Johns Hopkins University shows that there are serious problems with the way Apple implemented encryption on itsiMessage system, leaving it open to retrospective decryption attacks that can reveal the contents of all of a victim’s past iMessage texts.