On Friday afternoon, Beeper Mini on Android stopped working and Apple confirmed at this time that it “took steps to guard our customers by blocking methods that exploit faux credentials with a purpose to achieve entry to iMessage.”
In an announcement to 9to5Mac, Apple stated Beeper Mini’s “methods posed vital dangers to consumer safety and privateness.” Beeper’s first app — now known as “Beeper Cloud” — labored by routing iMessage by a Mac. Earlier this week, it launched Beeper Mini as a brand new Android app that exploits iMessage instantly. As we reported:
…the brand new app connects on to Apple’s service. That signifies that you aren’t signing into your Apple ID on a distant Mac or by Beeper’s servers – you’re simply signing in by Apple instantly. From there, messages and media are equally handed instantly out of your machine to Apple. No Beeper servers (or anybody else’s) are in play right here, the corporate says.
Apple this night particularly cited the “potential for metadata publicity and enabling undesirable messages, spam, and phishing assaults.” Whereas Beeper, which used the work of a safety researcher that revealed the proof-of-concept on Github, is simply offering iMessage for Android, the assertion alludes to the potential of different events with extra nefarious intentions.
Moreover, Apple tells us that it can not confirm these faux-“iMessages” despatched by Beeper are solely accessible by the meant sender and recipient, or that they keep end-to-end encryption.
Lastly, Apple says it “will proceed to make updates sooner or later to guard our customers,” with iOS 17.2 introducing iMessage Contact Key Verification.
As of Saturday morning, Beeper Cloud was re-enabled, however Beeper Mini continues to be down, although the corporate stated it was persevering with work on a repair. Beeper additionally took the step of deregistering Android cellphone numbers on behalf of its customers, and prolonged the 7-day free trial one other week in order that customers aren’t billed ($2 per thirty days) whereas Beeper Mini is down.
Apple’s full assertion is under:
At Apple, we construct our services with industry-leading privateness and safety applied sciences designed to provide customers management of their information and maintain private data secure. We took steps to guard our customers by blocking methods that exploit faux credentials with a purpose to achieve entry to iMessage. These methods posed vital dangers to consumer safety and privateness, together with the potential for metadata publicity and enabling undesirable messages, spam, and phishing assaults. We’ll proceed to make updates sooner or later to guard our customers.
Beeper had the next to say after Apple’s assertion:
We stand behind what we’ve constructed. Beeper Mini is retains your messages personal, and boosts safety in comparison with unencrypted SMS. For anybody who claims in any other case, we’d be blissful to provide our total supply code to mutually agreed upon third occasion to judge the safety of our app.
Updating…
FTC: We use revenue incomes auto affiliate hyperlinks. Extra.