
The only way I could see this happening is if they have all of the public keys of the secure cryptographic elements in a database of all Apple devices ever created. Because otherwise, it would just be trivial to emulate a "secure cryptographic element" if it's just a public/private key.

They aren't running a client by Apple. A glance at other posts suggests they are using Apple code, but that would just be a matter of reverse engineering if the code required the secure enclave.

I can't think of a way that a server would be able to prove a device is Apple or not if you were to replicate the protocol completely. Only if there was some established public/private key would this be possible. And then the private key on the device would be in a secure enclave that you could feed it data to sign to prove the device is an authorized device.



I wouldn't be surprised if they in fact do have a list of serial numbers for all the Mac, iOS, tvOS devices they have ever sold, linked with some corresponding device-unique public key data?


After reading some other comments, this very well might be the case.


I don't know how the secure enclave works in detail, but if there is a private key inside it that it uses for attestation / signing, presumably it could also have a certificate signed by an internal Apple provisioning CA infrastructure which Apple can verify on their end.

Importantly, this matters even for those older devices that were created without secure enclaves. iMessage still used this PKI architecture back before every new Mac/iPhone/iPad had a SE.


Of course they have all of the public keys of the secure cryptographic elements of all Apple devices (that run iMessage) ever created. Why wouldn't they?
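
An added illustration, not part of any comment in this thread and not Apple's actual protocol: a Go model of the scheme the comments speculate about, where a vendor provisioning CA endorses each device public key and the server checks both that endorsement and a signature over a fresh challenge. All names (`NewCA`, `Device`, `Attest`) are hypothetical, and Ed25519 is an assumed stand-in for whatever algorithm is really used.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Device holds a key pair plus an endorsement: a CA signature over Pub.
type Device struct {
	Pub         ed25519.PublicKey
	priv        ed25519.PrivateKey
	Endorsement []byte
}

// NewCA creates a provisioning CA key pair (hypothetical stand-in for the vendor CA).
func NewCA() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// NewDevice generates a device key and has caPriv endorse its public key.
func NewDevice(caPriv ed25519.PrivateKey) Device {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return Device{Pub: pub, priv: priv, Endorsement: ed25519.Sign(caPriv, pub)}
}

// Respond signs the server's fresh challenge with the device private key.
func (d Device) Respond(challenge []byte) []byte {
	return ed25519.Sign(d.priv, challenge)
}

// Verify is the server side: the key must be CA-endorsed AND must have signed this challenge.
func Verify(caPub, devPub ed25519.PublicKey, endorsement, challenge, sig []byte) bool {
	return len(devPub) == ed25519.PublicKeySize &&
		ed25519.Verify(caPub, devPub, endorsement) && ed25519.Verify(devPub, challenge, sig)
}

// Attest runs one challenge-response round against the trusted CA public key.
func Attest(caPub ed25519.PublicKey, d Device) bool {
	challenge := make([]byte, 32)
	rand.Read(challenge)
	return Verify(caPub, d.Pub, d.Endorsement, challenge, d.Respond(challenge))
}

func main() {
	caPub, caPriv, _ := NewCA()
	_, otherPriv, _ := NewCA() // a CA the server does not trust (constructed)
	fmt.Println("provisioned:", Attest(caPub, NewDevice(caPriv)), "self-endorsed:", Attest(caPub, NewDevice(otherPriv)))
}
```

A key pair endorsed by anything other than the trusted CA fails the first check even though its challenge signature is valid, so the server only needs the CA public key rather than a database of every device key.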



