|
|
|
|
|
|
by danaris
919 days ago
|
|
|
Based on my understanding, Beeper is using false or duplicate Apple device credentials in order to authenticate with Apple as "being a legitimate iMessage endpoint". There's no need to take the—rather draconian—step of locking out all Apple users who are using Apple IDs through the browser; all Apple needs to do is ban the false device IDs and possibly close the loophole that allows Beeper to create them. Any time you see something that looks like a jailbreak, at its heart is a vulnerability in the device or service that is being jailbroken. That is, fundamentally, a security flaw, and fixing that security flaw is all that's necessary to prevent the jailbreak. The fact that this one is with one of Apple's services, rather than with iPhones or other Apple devices, means that they don't even have to push out some software/firmware update and hope everyone applies it: all they have to do is update their own servers, and Beeper will be locked out again. |
|
|
When AWS first came out with these, this was my first thought. People could spin up an EC2 instance and use it for iMessage, and Beeper came to be shortly after this feature went live in AWS.