
iMessage becomes the tool of a denial-of-service attack

Posted: , by Maxwell R.

Apple’s instant messaging platform works well enough: it enables group chat among iOS devices and also runs on Apple’s desktop OS X.

As versatile as our smartphones are, they do have some limitations, and that is why we still use desktop and laptop computers. Apple computers are fairly easy to script to perform repetitive tasks, and that appears to be what happened in a targeted iMessage attack.

A few developers were the focus of the ire of someone claiming to be a part of Anonymous. Using an AppleScript, the “hacker” automated the sending of several messages in rapid succession. Back in the old days of instant messaging, it was called scrolling.

The strings of messages would be so large that it would be impossible for the recipient to clear the messages and notifications. The result is that the Messages app would essentially crash, and that is a denial-of-service attack, rudimentary for sure, but still one and the same.

The problem is that iMessage is typically tied to an email address, or if you have an iPhone, a phone number. Changing your email address is simple enough, though inconvenient. Changing a phone number is not so simple a proposition.

Compounding that problem is that Apple does not have any apparent limits or triggers in place related to how fast messages can be sent. That issue can be further complicated when large strings of “complex” characters are sent, preventing the Messages app from rendering everything properly and crashing the application.

For now, the only fix is to disable the Messages application as there is no setting to block specific senders. However, a determined harasser will use multiple “throwaway” emails to keep up the shenanigans. This initial small group of “victims” were iOS developers. Why they were targeted is not known.
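The limits the article says are missing, shown as an added example (not code from the article, its sources or Apple): a receive-side filter that caps message size, rate-limits each sender, and gives all non-contact senders one shared budget so that rotating throwaway addresses does not bypass the per-sender limit. The class and function names, thresholds and addresses are assumptions made for illustration.

```python
from collections import Counter, defaultdict, deque

# Assumed thresholds, chosen for illustration only.
MAX_BYTES = 4096             # cap on one message body (UTF-8 encoded)
PER_SENDER = (5, 10.0)       # 5 messages per 10 s from any one sender
UNKNOWN_TOTAL = (20, 10.0)   # 20 messages per 10 s from all non-contacts combined


class FloodFilter:
    """Receive-side limits for one recipient (hypothetical class)."""

    def __init__(self, contacts):
        self.contacts = set(contacts)
        self.by_sender = defaultdict(deque)  # sender -> accepted timestamps
        self.unknown = deque()               # accepted timestamps, non-contacts

    @staticmethod
    def _over(window, now, limit, span):
        # Sliding window: forget old timestamps, then test the limit.
        while window and now - window[0] >= span:
            window.popleft()
        if len(window) >= limit:
            return True
        window.append(now)
        return False

    def check(self, sender, body, now):
        if len(body.encode("utf-8")) > MAX_BYTES:
            return "drop:oversize"
        if self._over(self.by_sender[sender], now, *PER_SENDER):
            return "drop:sender-rate"
        # Per-sender limits alone fail against many throwaway addresses,
        # so strangers also share one budget per recipient.
        if sender not in self.contacts and self._over(self.unknown, now, *UNKNOWN_TOTAL):
            return "drop:unknown-flood"
        return "deliver"


def replay(flt, events):
    """Run (time, sender, body) events through the filter; count verdicts."""
    return Counter(flt.check(sender, body, t) for t, sender, body in events)


# Constructed sample traffic: one sender scrolling, then 30 throwaway senders.
ONE_SENDER = [(i * 0.1, "throwaway@example.com", "spam") for i in range(50)]
MANY_SENDERS = [(i * 0.1, f"t{i}@example.com", "spam") for i in range(30)]

if __name__ == "__main__":
    print(replay(FloodFilter({"alice@example.com"}), ONE_SENDER))
    print(replay(FloodFilter({"alice@example.com"}), MANY_SENDERS))
```

Messages from known contacts are still subject to the size cap and the per-sender rate, but not to the shared budget for strangers.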

sources: The Next Web via The Verge


19 Comments




posted on 30 Mar 2013, 21:25 5

1. Droid_X_Doug (Posts: 5527; Member since: 22 Dec 2010)


Interesting how this hack appeared on iOS/OSX. But it doesn't have a bot-net behind it. I wonder how long before Apple starts clamping down on AppleIDs?

posted on 30 Mar 2013, 21:47

4. lyndon420 (Posts: 1686; Member since: 11 Jul 2012)


Weren't they talking about 2 step verification similar to what Google has?

posted on 31 Mar 2013, 00:16

12. TechBizJP08 (Posts: 494; Member since: 25 Mar 2013)


It was different, 2 step verification is for purchasing apps in iTunes.

posted on 31 Mar 2013, 08:26

16. Droid_X_Doug (Posts: 5527; Member since: 22 Dec 2010)


2-step verification should also apply to 'new' computers being used to access AppleID-related services (like iMessage) for the first time.

The point I am making about Apple clamping down on AppleIDs is that the DDoS attack is depending on throw-away AppleIDs to swamp the target. If Apple restricts AppleIDs (for example, requires a valid credit card verification to set up an AppleID), the attack runs out of steam.

posted on 30 Mar 2013, 21:27 6

2. AnTuTu (Posts: 625; Member since: 14 Oct 2012)


So nothing is going right for "Fruit" here :p

posted on 31 Mar 2013, 00:04

11. TROLL (banned) (Posts: 4851; Member since: 13 Apr 2012)


2013 is a bad year for them!

posted on 30 Mar 2013, 21:38 5

3. jroc74 (Posts: 4720; Member since: 30 Dec 2010)


Once again....nothing's perfect....no matter what some ppl think.

posted on 31 Mar 2013, 08:32 2

17. Droid_X_Doug (Posts: 5527; Member since: 22 Dec 2010)


+1. And just because iMessage was used beyond its intended purpose, doesn't mean it (or iOS) is not secure. Security/lack of security is generally taken to mean how resistant the phone is to giving up its contents to an un-authorized user. In that metric, iOS is pretty secure.

posted on 30 Mar 2013, 22:14 2

5. darkkjedii (Posts: 10079; Member since: 05 Feb 2011)


Find the hackers and make them say uncle

posted on 30 Mar 2013, 22:47 5

6. blingblingthing (Posts: 418; Member since: 23 Oct 2012)


Wow. Wasn't Apple's iOS supposed to be the secure, bug, glitch and vulnerability free OS that just works?

Not hating on apple, but anyone who believes iOS is some lag and bug free OS needs to wake up.

posted on 31 Mar 2013, 00:17 3

13. TechBizJP08 (Posts: 494; Member since: 25 Mar 2013)


Nobody is perfect, man. Even Apple makes mistakes.

posted on 30 Mar 2013, 23:09 4

7. rusticguy (Posts: 2818; Member since: 11 Aug 2012)


It just works ... whichever way you look at it ... this time "it just worked" for the hackers :)

posted on 30 Mar 2013, 23:53 2

9. belovedson (Posts: 830; Member since: 30 Nov 2010)


That was a good one. Another reason to go with BlackBerry in the name of security, but for most this leak doesn't matter much.

posted on 30 Mar 2013, 23:25 1

8. TROLL (banned) (Posts: 4851; Member since: 13 Apr 2012)


Reminds me of APPLE-ROYALLY!

Anyone remember him?

posted on 31 Mar 2013, 00:02 1

10. zvioocge (Posts: 26; Member since: 23 Oct 2012)


How Apple is trying to block some services to secure their system, the system is becoming more vulnerable :)

posted on 31 Mar 2013, 02:19 1

15. neurobiologist (Posts: 65; Member since: 07 Nov 2012)


Apple did make people think that Apple is secure. Using expensive and professional marketing, ads and art tricks to make it look geometrically perfect, it did hypnotize simple-minded people (mostly Americans) into thinking that each product is best of the best, wow!, but behind the ads were s**tty products, everything borrowed from other companies, little additions on top to look high-tech, cheap production in China, and voilà, go milking those people without stop. Cook can't hypnotize people like Jobs. So pseudo-secure and magical Apple is now becoming just a s**tty loser company. I wish them to go this way!

posted on 31 Mar 2013, 10:39

19. TROLL (banned) (Posts: 4851; Member since: 13 Apr 2012)


'Cause they're good at R&D!

posted on 31 Mar 2013, 14:35 1

20. roscuthiii (Posts: 1785; Member since: 18 Jul 2010)


Anything Man can make, Man can break. All it takes is motivation and a little time, and sometimes even a few household chemicals and the proper proportions. ;-)

"This initial small group of “victims” were iOS developers. Why they were targeted is not known." - Well... what apps did these developers work on? Were they more cooperative sharing user information with authorities? Were they political party campaign apps? Were they monetizing user information without user consent/knowledge? I'd begin by looking into these areas first were I to investigate.
Barring any of those reasons, could be because of competitive developers or even personal conflicts between them.
Finally, could just be about having a bigger e-peen.

Hopefully a fix will be issued soon.

posted on 01 Apr 2013, 08:16 1

21. gmracer1 (Posts: 646; Member since: 28 Dec 2012)


I'm not gonna say anything bad. I'm just gonna sit here and smile about this :-)
