25 comments

[ 2.7 ms ] story [ 96.5 ms ] thread
Or, to put it differently:

The arms race between unlockers/jailbreakers and Apple proceeds apace, and FaceTime lacks enterprise-level security features.

The hedline on this article is pure linkbait.

once a person connects to another person on FaceTime it for some reason non of us in the office can figure out, sends us APPLE a message and says those two people are connecting via Facetime and gives out their location to us. So for whatever reason we need that information just blows my mind. As a consumer why would you need to let Apple know that you are connecting with a person via FaceTime, its non of Apple’s business.

That seems pretty bad.

Why? Every time I log into AIM I tell AOL where I am too.
Yeah, and a phone call is analogous. I'd retract my comment, but it's too late.
Location information could be used to connect people to a server that gives them a better connection. Not necessarily an evil thing.
That information can be had passively via a GeoIP-like service, though, since it's only usable on a wifi (and thus, tethered to some hard line) connection. Sending GPS coordinates seems rather unnecessary.
> That seems pretty bad.

It's required so you can map phone numbers to the other person's IP address. I assume it's also used for STUN (http://en.wikipedia.org/wiki/STUN).

(This is just me guessing, of course, but the "don't automatically assume a huge conspiracy theory" method almost always ends up with me being right, so there.)

I wasn't thinking so much conspiracy theory...just marketing overreach, I didn't think there's possibly a technical explanation that holds water, interesting.
Incrementally connecting to random IPV4 addresses has been shown to be a really awkward way of setting up a peer to peer connection. When you try it with IPV6 people have the tendency to get born, live 70 or 80 years, and die before their FaceTime call gets connected.
Assuming this is true, good. Apple has been having it both ways by publicly prohibiting unlocking and jailbreaking while actually allowing it. Let them choke on the bad PR their tight control causes.

As for the FaceTime stuff, there are only so many ways it could work. There must be some kind of call setup signaling, and routing it all through some Apple server is a pretty obvious way to do it. The lack of encryption is a shame, though.

The lack of encryption could be a resource constraint, or it could be that getting encryption right[1] would have prevented it from shipping, or it could be that they believe that trying to do a "Secure FaceTime" will retard adoption of the protocols (which, it probably would).

I have an iPhone and bought it with eyes wide open about needing to honor the contract it came with, and so I'm watching the jailbreaker battle from the sidelines... and I'm cheering Apple on, not because I care one way or the other about unlocked phones, but because the arms race is fun to watch, and you kind of want to see the people who assume Apple can't win it get some comeuppance.

[1] Lots of AV and telephony systems try to do secure calls with encryption and they routinely screw it up.

1) Att already knows where you are. Its called cellphone towers :) Your approximate location is known.

2) As if google maps or any other google service does not collect data on you. So theres nothing special about this.

3) OTA updates is a brilliant idea. They want to lock their crap down, sorry no hacking. They want to make it as difficult as possible. Only affects people who don't abide by the EULA. Wait you do want to install ur own crap and not abide by apple's istore policies? Get an android or stfu I guess.

I do hope that #3 is sarcastic.
Do I need tin-foil hat or should I call this a hit-piece on Apple?
I hear tin-foil is coming back into style.
I'll believe the intermittent mandatory updates when I see them.
Hardware DRM. Yummy.
Not quite sure that some of this adds up.

The leaker works in the iPhone Development Department, yet "no one in the office" can figure out why the phone signals back to Apple when a Facetime session is started?

The leaker doesn't have access to the source code? Or doesn't know who would have implemented such a feature?

Or is this person simply not a developer?

I imagine when FaceTime makes the jump to 3G we'll see a "send my location" feature. Would also be handy for use in voice calls too.
A poorly-written article with a ridiculously overblown headline on a random blog from a completely unverified source. Awesome.
The parts that aren't technical are unsubstantiated rumor.

The parts that are at least somewhat technical are also clearly wrong.

I fail to see what part of this would be of any interest whatsoever to hackers.

It appears the commenters do not understand the claim of the article, is without these frequent "optional" updates, the phone will self lock.

Seems like the sort of thing an unlock/hack will easily fix though.

The article is not claiming any lockdown command by AT&T. It says that the phone locks down when it can't get a "mandatory" update. And it won't get the update if it's not on the "right" carrier.

At least it seems possible. If Alpha is right we will know soon.