> moving a message over BLE to untrusted hardware and worse accepting them back into iMessage is a massive, massive change in the security boundary
Is it? My iPhone replicates messages to my mac from where a process can extract that data, it can capture the screen etc. I can use a mac today to set up a relay that would then send those messages to a smart watch if one would do that.
Yes? Imagine a bug where iMessages are leaked over Bluetooth when a user has installed an application that integrates with some watch brand. Bring this to an airport and you can steal hundreds/thousands of messages from a wide range of people. That’s widely different attack vector than targeting macOS.
That said, I don’t see why Apple can’t provide toolkit/certification that will make it safe to communicate over Bluetooth. They already have it in-place for Apple Watch.
I agree with you, but your iPhone forwards SMS messages, but not iMessages, and there's a trust relationship between the devices through Keychain. Still, doing it blindly over BLE is a scary proposition.
