iMessage just got secure: Apple expands iCloud two-factor authentication

Since the embarrassing revelation that iCloud’s two-factor authentication didn’t actually cover many of Apple’s online services, partially responsible for a rash of leaked celebrity photos last year, Apple has been gradually adding the security setting to many of its other services. On Thursday, users with iCloud’s two-factor authentication enabled will need to complete extra steps when logging into iMessage and FaceTime, the Guardian reported. The feature is rolling out now, but may not be available for your specific devices yet.

For users who have two-factor turned on, when you log into iMessage on a new iPhone or Mac, your Apple ID password won’t be enough to gain access. According to MacRumors, FaceTime and iMessage are using app-specific passwords, in which you generate a unique code on Apple’s website, instead of having a four-digit PIN texted to your device.

Now, a miscreant with your Apple ID password — possibly gained through phishing, other social engineering, or even a lucky guess — won’t be able to set up iMessage or FaceTime and pretend to be you without your phone. Because of the way iMessage uses encryption, simply logging into a new device doesn’t recover old iMessages, even before Apple turned on the new two-factor authentication.

If you don’t have two-factor turned on for your iCloud account, you should do it. Here’s Apple’s guide. After all, even if you’re not a celebrity, you don’t want to get hacked and have your life turned upside down.

This post was updated on 2/13 to clarify that iMessage and FaceTime are using app-specific passwords, and not two-factor authentication with a PIN code. 


UK’s Cameron won’t “allow” strong encryption of communications

The British prime minister David Cameron has suggested that if his Conservative Party wins the upcoming general election, it will not allow encrypted communications that cannot be read by the security services.

On Sunday, Cameron told ITV News: “I think we cannot allow modern forms of communication to be exempt from the ability, in extremis, with a warrant signed by the home secretary, to be exempt from being listened to. That is my very clear view and if I am prime minister after the next election I will make sure we legislate accordingly.” He repeated the sentiment again on Monday (video embedded below.)

The Tory leader has already said that he wants to bring back the Communications Data Bill, a.k.a. the “Snooper’s Charter,” if his party wins the upcoming general election in May. This is not news as such; the only reason the bill is on ice is that the Conservatives’ current coalition partners, the Liberal Democrats, refuse to allow it to be tabled. (The Lib Dems did, however, allow the “emergency” passage of the DRIP Act, which brought in the main planks of the Snooper’s Charter – mandatory data retention for various kinds of internet communications – on a temporary basis.)

However, the Tories’ rhetoric has predictably ramped up in the wake of the Paris killings. The idea of banning secure communications is a recent development (though it follows on from the frustration of U.K. intelligence chiefs) and is utterly flawed. Even armed with a warrant from the Home Secretary, security services would be stymied by a basic WhatsApp text chat, an email exchange properly encrypted using PGP, or an [company]Apple[/company] iMessage or FaceTime conversation – all of which use end-to-end encryption.

These, we must assume, would be the services that Cameron would not “allow” if voted back in. However, it is hard to see the British government succeeding in stopping the use of such tools. Even if (a big “if”) the government got some kind of concession from the big commercial players (key escrow?), systems such as PGP don’t even have a centralized company behind the curtains. And then there’s the issue of anonymity — monitoring the communications of someone using the anonymized browsing tool Tor, for example, is difficult to say the least. Would online anonymity also be banned?

It’s just not a sensible idea, but that doesn’t always stop the introduction of new laws. Labour leader Ed Miliband, the head of the opposition, has said he would resist the immediate reintroduction of the Snooper’s Charter and would give a “cautious and considered” response to security chiefs asking for more powers. That doesn’t mean he won’t cave in — Labour has a bad record on this stuff, and the current government took power in 2010 promising to “reverse the substantial erosion of civil liberties under the Labour government and roll back state intrusion.” But, particularly after Snowden, this is clearly going to be a live issue on the campaign trail.

Apple must answer for missing text messages, judge rules

A California woman, Adrienne Moore, who says she lost “countless” text messages after she switched from Apple’s iPhone to a Samsung Galaxy S5, can proceed with a class action lawsuit, a judge ruled on Monday.

How to deregister your phone number from iMessage and get your texts back

Screen Shot 2014-11-09 at 5.58.43 PM

There’s finally a way out of the iMessage abyss. If you’ve ever switched from an iPhone to another type of smartphone, there’s a good chance you had difficulty removing your phone number from iMessage, which meant that text messages sent to your number could disappear forever. There was even a class action lawsuit about it. On Sunday, Apple quietly introduced a new page to its website that lets you deregister a phone number from iMessage, even if you no longer have your original iPhone. It’s easy — all you have to do is plug in a code that Apple texts to you. You can find the form on Apple’s website here.

Class action lawsuit filed against Apple over lost iMessages

If you switch from an iPhone(s appl) to an Android(s goog) or other phone, there’s a good chance that some text messages will go missing due to the way Apple handles its iMessage application. Some people have been able to fix the problem — here’s how I did it — but some former iPhone users, like former Lifehacker Adam Pash, are complaining there’s no solution in sight. Adrianne Moore, one of the aggrieved switchers, filed a class action lawsuit on Friday looking for both a fix and restitution from Apple. The lawsuit was filed in federal court in San Jose, California. If you’re interested in the case, most of the filing is available over at Patently Apple.