iMessage becomes the tool of a denial-of-service-attack

iMessage becomes the tool of a denial-of-service-attack
Apple’s instant messaging platform works well enough, enabling group chat amongst iOS devices and it also works on Apple’s desktop OS X as well.

As versatile as our smartphones are, they do have some limitations and that is why we still use desktop and laptop computers. Apple computers are fairly easy to script in order to perform repetitive tasks and that is what appears to have happened as a targeted iMessage attack.

A few developers were the focus of someone’s ire, claiming to be a part of Anonymous. Using an Applescript, the “hacker” automated the sending of several messages in rapid succession. Back in the old days of instant messaging, it was called scrolling.

The strings of messages would be so large that it would be impossible for the recipient to clear the messages and notifications. The result is that the Messages app would essentially crash, and that is a Denial-of-Service attack, rudimentary for sure, but still one-in-the-same.

The problem is that iMessage is typically tied to an email address, or if you have an iPhone, a phone number. Changing your email address is simple enough, though inconvenient. Changing a phone number is not so simple a proposition.

Compounding that problem is that Apple does not have any apparent limits or triggers in place related to how fast messages can be sent. That issue can be further complicated when large strings of “complex” characters are sent, preventing the Messages app from rendering everything properly and crashing the application.

For now, the only fix is to disable the Messages application as there is no setting to block specific senders. However, a determined harasser will use multiple “throwaway” emails to keep up the shenanigans. This initial small group of “victims” were iOS developers. Why they were targeted is not known.

sources: The Next Web via The Verge


FEATURED VIDEO

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.
FCC OKs Cingular's purchase of AT&T Wireless