iMessage becomes the tool of a denial-of-service-attack
As versatile as our smartphones are, they do have some limitations and that is why we still use desktop and laptop computers. Apple computers are fairly easy to script in order to perform repetitive tasks and that is what appears to have happened as a targeted iMessage attack.
A few developers were the focus of someone’s ire, claiming to be a part of Anonymous. Using an Applescript, the “hacker” automated the sending of several messages in rapid succession. Back in the old days of instant messaging, it was called scrolling.
The strings of messages would be so large that it would be impossible for the recipient to clear the messages and notifications. The result is that the Messages app would essentially crash, and that is a Denial-of-Service attack, rudimentary for sure, but still one-in-the-same.
The problem is that iMessage is typically tied to an email address, or if you have an iPhone, a phone number. Changing your email address is simple enough, though inconvenient. Changing a phone number is not so simple a proposition.
Compounding that problem is that Apple does not have any apparent limits or triggers in place related to how fast messages can be sent. That issue can be further complicated when large strings of “complex” characters are sent, preventing the Messages app from rendering everything properly and crashing the application.
For now, the only fix is to disable the Messages application as there is no setting to block specific senders. However, a determined harasser will use multiple “throwaway” emails to keep up the shenanigans. This initial small group of “victims” were iOS developers. Why they were targeted is not known.
sources: The Next Web via The Verge
iMessage used for nefarious purposes
1. Droid_X_Doug (Posts: 5954; Member since: 22 Dec 2010)
Interesting how this hack appeared on iOS/OSX. But it doesn't have a bot-net behind it. I wonder how long before Apple starts clamping down on AppleIDs?
4. lyndon420 (Posts: 1785; Member since: 11 Jul 2012)
Weren't they talking about 2 step verification similar to what Google has?
12. TechBizJP08 (Posts: 495; Member since: 25 Mar 2013)
It was different, 2 step verification is for purchasing apps in iTunes.
16. Droid_X_Doug (Posts: 5954; Member since: 22 Dec 2010)
2-step verification should also apply to 'new' computers being used to access AppleID-related services (like iMessage) for the first time.
The point I am making about Apple clamping down on AppleIDs s that the DDoS attack is depending on throw-away AppleIDs to swamp the target. If Apple restricts AppleIDs (for example, requires a valid credit card verification to set up an AppleID), the attack runs out of steam.
2. AnTuTu (Posts: 971; Member since: 14 Oct 2012)
So nothing is going right for "Fruit" here :p
3. jroc74 (Posts: 5192; Member since: 30 Dec 2010)
Once again....nothings perfect....no matter what some ppl think.
17. Droid_X_Doug (Posts: 5954; Member since: 22 Dec 2010)
+1. And just because iMessage was used beyond its intended purpose, doesn't mean it (or iOS) is not secure. Security/lack of security is generally taken to mean how resistant the phone is to giving up its contents to an un-authorized user. In that metric, iOS is pretty secure.
5. darkkjedii (Posts: 12620; Member since: 05 Feb 2011)
Find the hackers and make them say uncle
6. blingblingthing (Posts: 459; Member since: 23 Oct 2012)
Wow. Wasn't Apple's iOS suppose to be the secure, bug, glitch and vulnerability free OS that just works?
Not hating on apple, but anyone who believes iOS is some lag and bug free OS needs to wake up.
13. TechBizJP08 (Posts: 495; Member since: 25 Mar 2013)
Nobody is perfect man. Even apple makes mistake.
7. rusticguy (Posts: 2828; Member since: 11 Aug 2012)
It just works ... whichever way you look at it ... this time "it just worked" for the hackers :)
9. belovedson (Posts: 832; Member since: 30 Nov 2010)
that was a good one. another reason to go with blackberry in the name of security but for most this leak doesnt matter much
8. TROLL (banned) (Posts: 4851; Member since: 13 Apr 2012)
Reminds me of APPLE-ROYALLY!
Anyone remember him?
10. zvioocge (Posts: 26; Member since: 23 Oct 2012)
how apple is trying to block some services to secure their system,system is coming more vulnurable :)
15. neurobiologist (Posts: 85; Member since: 07 Nov 2012)
Apple did made people to think that apple is secure. Using expensive and professional marketing, ads and art tricks to make it look geometrically perfect, did hypnotized simple minded (mostly Americans) that each product is best of the best wow!, but behind ads were s**tty products, everything borrowed from another companies, little additions above to look high tecky, cheap production in china, and wuala, go milking those people without stop. Cook can't hypnotize people like Jobs. So pseudo secure and magical apple now becoming just an s**tty looser company. I wish them to go this way!
20. roscuthiii (Posts: 1873; Member since: 18 Jul 2010)
Anything Man can make, Man can break. All it takes is motivation and a little time, and sometimes even a few household chemicals and the proper proportions. ;-)
"This initial small group of “victims” were iOS developers. Why they were targeted is not known." - Well... what apps did these developers work on? Were they more cooperative sharing user information with authorities? Were they political party campaign apps? Were they monetizing user information without user consent/knowledge? I'd begin by looking into these areas first were I to investigate.
Barring any of those reasons, could be because of competitive developers or even personal conflicts between them.
Finally, could just be about having a bigger e-peen.
Hopefully a fix will be issued soon.
21. gmracer1 (Posts: 646; Member since: 28 Dec 2012)
I'm not gonna say anything bad. I'm just gonna sit here and smile about this :-)