Saturday 30 March 2013

iMessage "Denial of Service" Prank Crashes iOS Messages App


According to the folks over at The Next Web, a recent prank played on a group of iOS developers seems to have revealed a limitation in how Apple handles data sent through its iMessage service, which in some cases can crash the app if the incoming message is too long or contains overly complex characters.

Popular developers such as ih8sn0w and Grant Paul were among those targeted by a specific type of denial of service (DoS) attack that overwhelmed their Messages inboxes with a load of automatically-generated transmissions. The two developers believe the messages were sent to them via the Messages app on OS X, with a simple AppleScript driving the barrage, which forces a victim to constantly clear notifications and text. According to Paul:
"What’s happening is a simple flood: Apple doesn’t seem to limit how fast messages can be sent, so the attacker is able to send thousands of messages very quickly."
The real issue that arises with the attack is with the long and/or complex messages that are received. Depending on what is sent, Messages on iOS can crash because it can’t process and display the massive amount of data correctly. According to the developers, the app will force itself to close and won’t re-open because it can’t properly render the text. As of right now, there isn’t any surefire solution to remedy the crashed Messages app. 

The publication suggests "playing around with sending a regular message, then locking the phone and activating the message notification until you’re able to time it right to delete the message thread that’s causing the problem." One thing to note is that if the attacker gets a hold of a user’s iMessage handle, the only option may be to disable the account temporarily. If a user’s phone number is compromised, iMessage as a whole may have to be turned off.

The identity of the attacker behind the attacks remains unknown at the moment, but the messages appear to have originated from a Twitter account used to sell UDIDs and provisioning profiles. Disposable email accounts were being used to send the spam, making it difficult to block the culprit, as they can simply open another account and continue to bombard you with messages.

Apple hasn’t responded to the issue just yet but we’re hoping they will soon.
