Surely this is just a bug? And on all 4s+ devices with the latest version (7.1), what Apple says simply holds true.
As for your claim about it being insecure: go read/listen to this expert:
https://www.grc.com/sn/sn-446.htm
https://www.grc.com/sn/sn-447.htm
https://www.grc.com/sn/sn-448.htm
Part 3. So if anyone is listening to this and missed the last two podcasts, you need to go back. I'm not going to drag us all through where we've been. I'll just say that, from reading the latest version of Apple's iOS Security document, which was lengthy and full of really useful architectural details, I've developed a very, I think, complete and mature understanding of how focused Apple has been on the security of the iOS platform; that, without exception, they have shown a respect for, I mean, a technically enforced respect, with the architecture and the design, for the rights of the user. Nowhere are they receiving information that they don't need in order to deliver the services that they're offering. And this little phone that you hold in your hand is so easy to underappreciate because it is a little crypto miracle. I mean, it is, from the beginning of its boot, all the way through, it's employing absolutely state-of-the-art cryptography in a way that shows evolution.
There are two points of criticism:
The first concerns iMessage. Because there is no real authentication, Apple could theoretically intercept all iMessages. Apple says they don't do this, but technically it is possible.
So I said what I wanted to say. I wanted to - the architecture is nice. The weakness is that we're trusting them with the authentication side. That's a benefit for ease of use. It's a complete collapse of iMessage as a secure messaging platform. To get that, you simply have to go out of Apple. You need to use Threema or TextSecure. And I'm still liking Threema better. It's, again, it's a little more obligation, but it's very clear, and it's now been subject to two independent security audits. I haven't talked about that yet, but I've got two security audits, and this thing just comes up five stars out of five across the board.
The second concerns the Keychain. It uses a piece of encryption that was made by an NSA employee and is therefore not trusted by experts:
But the Keychain is a concern in a pure RSA sort of worry mode. Everywhere that we have encountered, they have been using the right crypto. In every instance. And in fact, I re-read the paper, the entire thing, after I stumbled my toes over the use of the wrong elliptic curve for protecting the Keychain because it is the only place in Apple's entire architecture they use the wrong elliptic curve. And by "wrong," I mean one that came from the NSA, which no security expert now trusts.