iMessage becomes the tool of a denial-of-service-attack

iMessage becomes the tool of a denial-of-service-attack
Apple’s instant messaging platform works well enough, enabling group chat amongst iOS devices and it also works on Apple’s desktop OS X as well.

As versatile as our smartphones are, they do have some limitations and that is why we still use desktop and laptop computers. Apple computers are fairly easy to script in order to perform repetitive tasks and that is what appears to have happened as a targeted iMessage attack.

A few developers were the focus of someone’s ire, claiming to be a part of Anonymous. Using an Applescript, the “hacker” automated the sending of several messages in rapid succession. Back in the old days of instant messaging, it was called scrolling.

The strings of messages would be so large that it would be impossible for the recipient to clear the messages and notifications. The result is that the Messages app would essentially crash, and that is a Denial-of-Service attack, rudimentary for sure, but still one-in-the-same.

The problem is that iMessage is typically tied to an email address, or if you have an iPhone, a phone number. Changing your email address is simple enough, though inconvenient. Changing a phone number is not so simple a proposition.

Compounding that problem is that Apple does not have any apparent limits or triggers in place related to how fast messages can be sent. That issue can be further complicated when large strings of “complex” characters are sent, preventing the Messages app from rendering everything properly and crashing the application.

For now, the only fix is to disable the Messages application as there is no setting to block specific senders. However, a determined harasser will use multiple “throwaway” emails to keep up the shenanigans. This initial small group of “victims” were iOS developers. Why they were targeted is not known.

sources: The Next Web via The Verge


FEATURED VIDEO

16 Comments

1. Droid_X_Doug

Posts: 5993; Member since: Dec 22, 2010

Interesting how this hack appeared on iOS/OSX. But it doesn't have a bot-net behind it. I wonder how long before Apple starts clamping down on AppleIDs?

2. AnTuTu

Posts: 1613; Member since: Oct 14, 2012

So nothing is going right for "Fruit" here :p

11. TROLL

Posts: 4851; Member since: Apr 13, 2012

2013 is a bad year for them!

3. jroc74

Posts: 6023; Member since: Dec 30, 2010

Once again....nothings perfect....no matter what some ppl think.

17. Droid_X_Doug

Posts: 5993; Member since: Dec 22, 2010

+1. And just because iMessage was used beyond its intended purpose, doesn't mean it (or iOS) is not secure. Security/lack of security is generally taken to mean how resistant the phone is to giving up its contents to an un-authorized user. In that metric, iOS is pretty secure.

5. darkkjedii

Posts: 31069; Member since: Feb 05, 2011

Find the hackers and make them say uncle

6. blingblingthing

Posts: 965; Member since: Oct 23, 2012

Wow. Wasn't Apple's iOS suppose to be the secure, bug, glitch and vulnerability free OS that just works? Not hating on apple, but anyone who believes iOS is some lag and bug free OS needs to wake up.

13. TechBizJP08

Posts: 495; Member since: Mar 25, 2013

Nobody is perfect man. Even apple makes mistake.

7. rusticguy

Posts: 2828; Member since: Aug 11, 2012

It just works ... whichever way you look at it ... this time "it just worked" for the hackers :)

9. belovedson

Posts: 1061; Member since: Nov 30, 2010

that was a good one. another reason to go with blackberry in the name of security but for most this leak doesnt matter much

8. TROLL

Posts: 4851; Member since: Apr 13, 2012

Reminds me of APPLE-ROYALLY! Anyone remember him?

10. zvioocge

Posts: 26; Member since: Oct 23, 2012

how apple is trying to block some services to secure their system,system is coming more vulnurable :)

15. neurobiologist

Posts: 89; Member since: Nov 07, 2012

Apple did made people to think that apple is secure. Using expensive and professional marketing, ads and art tricks to make it look geometrically perfect, did hypnotized simple minded (mostly Americans) that each product is best of the best wow!, but behind ads were s**tty products, everything borrowed from another companies, little additions above to look high tecky, cheap production in china, and wuala, go milking those people without stop. Cook can't hypnotize people like Jobs. So pseudo secure and magical apple now becoming just an s**tty looser company. I wish them to go this way!

19. TROLL

Posts: 4851; Member since: Apr 13, 2012

Cause there good at R&D!

20. roscuthiii

Posts: 2383; Member since: Jul 18, 2010

Anything Man can make, Man can break. All it takes is motivation and a little time, and sometimes even a few household chemicals and the proper proportions. ;-) "This initial small group of “victims” were iOS developers. Why they were targeted is not known." - Well... what apps did these developers work on? Were they more cooperative sharing user information with authorities? Were they political party campaign apps? Were they monetizing user information without user consent/knowledge? I'd begin by looking into these areas first were I to investigate. Barring any of those reasons, could be because of competitive developers or even personal conflicts between them. Finally, could just be about having a bigger e-peen. Hopefully a fix will be issued soon.

21. gmracer1

Posts: 646; Member since: Dec 28, 2012

I'm not gonna say anything bad. I'm just gonna sit here and smile about this :-)

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.