Proprietary Apple and Google Traps
-
Web Browsers/Web Servers
-
Google ☛ BitM Up! Session Stealing in Seconds Using the Browser-in-the-Middle Technique | Google Cloud Blog
The Rise of Browser in the Middle (BitM): BitM attacks offer a streamlined approach, allowing attackers to quickly compromise sessions across various web applications.
MFA Remains Crucial, But Not Invulnerable: Multi-factor authentication (MFA) is a vital security measure, yet sophisticated social engineering tactics now effectively bypass it by targeting session tokens.
-
Mobile Systems/Mobile Applications
-
MacRumors ☛ iOS 19 to Improve Texting With Android Users in Five Ways
Apple this week said that it plans to add support for end-to-end encrypted RCS messages to the Messages app in future iOS, iPadOS, macOS, and watchOS software updates, and that news actually has some additional implications.
-
Standards/Consortia
-
John Gruber ☛ Daring Fireball: New RCS Spec From GSM Association Adds E2EE; Both Apple and Google to Support It
This is nothing but good news. But it’s wrong to frame this along Google’s lines, that they’ve been there waiting for Apple to support E2EE for RCS. They’ve been waiting for Apple to support RCS at all, yes, and Google has also implemented their own proprietary E2EE layer for RCS. But until now, there was no E2EE specification in the open RCS spec. Now there is. That’s why it’s not just Android ↔︎ iOS RCS messaging that wasn’t able to use E2EE, but even Android ↔︎ Android, unless both devices were using Google’s own Messages app.
-
Six Colors ☛ Apple to add end-to-end encryption support for RCS
Personally, I never really thought it made sense for Apple, a company whose brand is about security and privacy, to withhold support for encryption on RCS. But the real issue was that the RCS standard did not include support for cross-platform encryption, even though other providers, like Google, enabled encryption on their platforms. So it doesn’t surprise me to see that this move is being made in concert with the GSM Association, which oversees the RCS standard.