April 1, 2013
Denial Of Service Prank Meant To Crash Apple’s iMessage App
Michael Harper for redOrbit.com — Your Universe Online
A small number of developers have found themselves the victims of a Denial of Service prank meant to crash Apple's iMessage. The report comes from The Next Web, which writes that these developers had been receiving the messages over the past week. It's believed that the people behind the prank are affiliated with the iOS software pirating community and are using the iMessage app on Mac OS X. Though thoroughly annoying – the victim has to constantly clean out messages and notifications – the prank does reveal a small weakness in Apple's iMessage.
The Next Web claims that only a half dozen iOS developers and general hackers have been hit by this prank. One such victim, who is widely known across the iOS and hacker communities as “iH8sn0w,” told The Next Web that his private iMessage account was flooded last Wednesday with multiple and repeating messages.
Interestingly enough, the developer for the popular jailbreaking tool “Sn0wbreeze” was bombarded with messages containing the credo of the hacking collective known as Anonymous.
The developer also received simplistic messages which read only “HELLOHUMAN.”
The iOS jailbreak developer told The Next Web that he immediately disabled the email address associated with that iMessage account and began tracking the email addresses used to send the messages. As for the messages themselves, the jailbreak developer created a proof-of-concept to show how someone could quickly flood an iMessage “inbox” using AppleScript.
Grant Paul, another iOS developer in the jailbreaking community, had his iMessage queue flooded with similar messages.
“What's happening is a simple flood: Apple doesn't seem to limit how fast messages can be sent, so the attacker is able to send thousands of messages very quickly,” explained Paul, speaking to The Next Web.
Furthermore, Paul says that a prankster could send a “complex” message complete with Unicode characters to completely crash the app. This could even break iMessage and prevent it from opening again.
The developers who have been hit by this prank believe the hucksters are using throw-away email addresses to set up accounts and send the spam-like messages. The person responsible for sending these messages is also believed to sell UDIDs, or unique device identifiers. These identifiers are often bought and sold amongst iOS app pirates to bypass Apple's app DRM.
The only way to avoid receiving this kind of spam is to disable the iMessage account. However, if the prankster also gets your phone number, the only recourse left is to turn off iMessage altogether.
This prank reveals a small weakness in Apple's iMessage, but not one which exposes a user to any real danger. Additionally, it appears as if the fix could be as simple as implementing a timer or restriction on how many iMessages can be sent in a certain amount of time.
At best, this is an annoying prank which leaves the victim locked out of their iMessage. Even if the pranksters manage to lock a person out of their iMessage account, the victim is still able to send texts and iMessages with their phone number. Yet, even though this is an insignificant flaw, Apple would do well to quickly and quietly patch it.
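The restriction on how many messages can be sent in a certain amount of time, suggested above as the fix, can be sketched as a per-sender sliding-window limit. This is an added example, not code from the article, The Next Web or Apple; the class and function names, the limit of 20 messages per 60 seconds, and the sample addresses and traffic are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque


class SenderRateLimiter:
    """Sliding-window cap on messages accepted per key (here: sender address)."""

    def __init__(self, max_messages, window_seconds):
        self.max_messages = max_messages      # assumed limit, not Apple's
        self.window = window_seconds
        # key -> timestamps of accepted messages; never longer than max_messages
        self._accepted = defaultdict(deque)

    def allow(self, key, now):
        stamps = self._accepted[key]
        # Forget accepted messages that have aged out of the window.
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()
        if len(stamps) >= self.max_messages:
            return False                      # over the limit: drop, do not queue
        stamps.append(now)
        return True


def replay(events, limiter):
    """Run (timestamp, sender) events through the limiter; tally per sender."""
    counts = defaultdict(lambda: {"delivered": 0, "dropped": 0})
    for ts, sender in sorted(events):
        outcome = "delivered" if limiter.allow(sender, ts) else "dropped"
        counts[sender][outcome] += 1
    return dict(counts)


def sample_events():
    # Constructed traffic: one sender pushes 1,000 messages in 10 seconds,
    # another sends 5 messages one minute apart.
    flood = [(i * 0.01, "throwaway@example.invalid") for i in range(1000)]
    normal = [(i * 60.0, "friend@example.invalid") for i in range(5)]
    return flood + normal


if __name__ == "__main__":
    limiter = SenderRateLimiter(max_messages=20, window_seconds=60)
    for sender, tally in replay(sample_events(), limiter).items():
        print(sender, tally)
```

A per-sender limit only bounds each account. Because the senders here are believed to use throw-away addresses, the same class keyed on the recipient instead of the sender would cap the total a single inbox can receive regardless of how many accounts take part.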