news.volyx.in

Apple fixes bug that cops used to extract deleted chat messages from iPhones (techcrunch.com)

888 points by cdrnsf · 83 days ago · 192 comments on HN

Article summary

Apple has fixed a bug that allowed law enforcement to extract deleted chat messages from iPhones. The bug caused notifications with message content to be cached on the device for up to a month, even after the messages were deleted. This issue was particularly concerning for users of secure messaging apps like Signal, which offer features like automatic message deletion. Apple has released a software update to fix the bug, which also includes a backport for iPhone and iPad owners running older iOS 18 software.

Main themes

  • iPhone security
  • Notification caching
  • End-to-end encryption
  • Law enforcement access
  • Signal messaging app
  • iOS updates

What commenters say

  • The bug that allowed law enforcement to extract deleted chat messages from iPhones was a significant security concern, particularly for users of secure messaging apps.
  • Disabling notifications or setting them to only show that a message has been received, without displaying the content, can help protect user privacy.
  • Some commenters believe that Apple and Google's role in handling notifications can compromise end-to-end encryption and make messages vulnerable to government surveillance or third-party attacks.
  • Others argue that the issue was a bug rather than a deliberate design choice, and that Apple's fix addresses the problem.
  • There is disagreement about whether Signal's implementation of push notifications is secure, with some arguing that the message text is end-to-end encrypted and others claiming that metadata can still be logged.
  • The update that fixes the bug also raises concerns about Apple's tactics to push users to upgrade to newer versions of iOS, including automatically enabling automatic updates.
  • Some commenters appreciate Apple's decision to backport the fix to older iOS versions, while others see it as a necessary response to the severity of the exploits being used in the wild.
  • The incident highlights the ongoing cat-and-mouse game between tech companies and those seeking to exploit security vulnerabilities for surveillance or other purposes.