1. Akshay Masand's Avatar


    According to the folks over at The Next Web, a recent prank played on a group of iOS developers seems to have revealed a limitation in how Apple handles data sent through its iMessage service, which in some cases can crash the app if the incoming message is too long or contains overly complex characters.

    Popular developers such as ih8sn0w and Grant Paul were among those targeted by a specific type of denial of service (DoS) attack that overwhelmed their Messages inboxes with a load of automatically-generated transmissions. The two developers believe the messages that were sent to them via the Messages app on OS X with a simple AppleScript affecting the barrage that prompts a victim to constantly clear notifications and text. According to Paul:

    What’s happening is a simple flood: Apple doesn’t seem to limit how fast messages can be sent, so the attacker is able to send thousands of messages very quickly.
    After the incident, ih8sn0w mocked up a proof-of-concept AppleScript to demonstrate how such an attack may work. If Apple doesn’t limit the influx of messages, a user’s app will quickly become filled with piles and piles of spam.

    The real issue that arises with the attack is with the long and/or complex messages that are received. Depending on what is sent, Messages on iOS can crash because it can’t process and display the massive amount of data correctly. According to the developers, the app will force itself to close and won’t re-open because it can’t properly render the text. As of right now, there isn’t any surefire solution to remedy the crashed Messages app.

    The publication suggests "playing around with sending a regular message, then locking the phone and activating the message notification until you’re able to time it right to delete the message thread that’s causing the problem. One thing to note is that if the attacker gets a hold of a user’s iMessage handle, the only option may be to disable the account temporarily. If a user’s phone number is compromised, iMessage as a whole may have to be turned off.

    The identity of the attack behind the attacks remains unknown at the moment but the messages appear to have originated from a Twitter account used to sell UDIDs and provisioning profiles. Disposable email accounts were being used to send the spam, making it difficult to simply block the culprit as they can simply open another and continue to bombard you with messages.

    Apple hasn’t responded to the issue just yet but we’re hoping they will soon.

    Source: The Next Web via AppleInsider

    Twitter: @AkshayMasand
    2013-03-30 12:54 PM
  2. wiipro's Avatar
    Wow. I wonder what apple will do to fix this.
    2013-03-30 02:58 PM
  3. bmwraw8482's Avatar
    Can u sign into messages on
    Osx to clear the problem messages to make it work again?
    I use a different id on each computer/ device for iMessages so I've never really tried...
    2013-03-30 03:38 PM
  4. MetalMatrix's Avatar
    Could you disable iMessages from external contacts via Settings->Notifications->Messages to prevent this attack?
    2013-03-30 03:41 PM
  5. mustard05's Avatar
    I was apart of a huge iMessage group chat consisting of about 6 people. Earlier this week, when everybody happened to be off from work, everyone started iMessaging like crazy and my phone actually crashed. I actually thought to myself "I guess iMessage cant handle that much info coming through at once. Just a coincidence i suppose.
    2013-03-30 03:45 PM
  6. AngryPIG's Avatar
    i done the same thing to my girlfriend months ago. imessaged her 1-684. and her iphone basically took a stroke.
    cydia.myrepospace.com/Real-AngryPIG/
    2013-03-30 03:54 PM
  7. steve-z17's Avatar
    i done the same thing to my girlfriend months ago. imessaged her 1-684. and her iphone basically took a stroke.
    I did that to my brothers phone, he had some simple motorola or nokia phone, but it literally freaked out and wouldn't allow him to do anything!....it was awesome.
    2013-03-30 04:18 PM
  8. Silverado1987's Avatar
    So now were sent back to the Stone Age again with text messages lol. Makes ya appreciate iMessage. At least for me cause service blows in my house
    2013-03-30 04:23 PM
  9. JesseDegenerate's Avatar
    Wow. I wonder what apple will do to fix this.

    wouldn't this arm the victim with the info needed to just attack back? Anyway hope apple can fix this with something of a server side limit, or server side duplication rules etc.
    2013-03-30 04:47 PM
  10. natemckelvie's Avatar
    wouldn't this arm the victim with the info needed to just attack back? Anyway hope apple can fix this with something of a server side limit, or server side duplication rules etc.
    Attacking back would be a waste of time because they are fake generated email accounts. A person like the one that did it to the developers would not care if it was done back because the accounts are fake. Setting up an email and an iMessage account is free. The attackers just make hundreds of fake accounts.

    The sad thing the only way i can see to stop this would be to limit the outgoing iMessage amount which could interfere with someone actually sending lots if real messages.
    2013-03-30 05:20 PM
  11. bmwraw8482's Avatar
    I did that to my brothers phone, he had some simple motorola or nokia phone, but it literally freaked out and wouldn't allow him to do anything!....it was awesome.
    That's how my sister ended up with her first iPhone years ago. I copied and pasted a message (SMS because iMessage didn't exist yet) over and over until it was somewhere around 600,000 characters long (that's when my iPhone 3G started to bog down). She was never able to use that little flip phone again!
    2013-03-30 05:32 PM
  12. ctlcretu's Avatar
    somebody can tell me why I can't use modmyi repo. there is a error and even I don't remove repo from sources I can't use cydia. i can't search or manage my packages. "wow, you excedeed the number of package names this APT is capable of."
    "problem with mergelist ..."
    2013-03-30 06:45 PM
  13. rickuk's Avatar
    somebody can tell me why I can't use modmyi repo. there is a error and even I don't remove repo from sources I can't use cydia. i can't search or manage my packages. "wow, you excedeed the number of package names this APT is capable of."
    "problem with mergelist ..."
    You should have started your own thread

    You have too many sources
    2013-03-30 06:57 PM
  14. plcrules's Avatar
    i dont get y this is such a big deal if this happens to you there is a little magic switch to turn imessages off?
    2013-03-30 07:54 PM
  15. BIG BUFF's Avatar
    Just today i sent out 2 iMessage pictures to my wife she never got it and it says its been deliver on my side.
    2013-03-30 10:57 PM
  16. swifty7's Avatar
    somebody can tell me why I can't use modmyi repo. there is a error and even I don't remove repo from sources I can't use cydia. i can't search or manage my packages. "wow, you excedeed the number of package names this APT is capable of."
    "problem with mergelist ..."
    had the same problem....easy to fix. First delete both ModmyI and ZodTTD repo's then go to Cydia's homepage
    scroll down a bit and select 'More package sources' from there select Modmyi and you're good to go.....now if you want
    to use ZodTTD repo again then you'll have to do the reverse.

    hope it helps
    2013-03-30 10:57 PM
  17. zplit's Avatar
    Just today i sent out 2 iMessage pictures to my wife she never got it and it says its been deliver on my side.
    I have this problem for about a week or two.
    Instagram: zplit
    Twitter: zplit
    2013-03-30 11:05 PM
  18. steve-z17's Avatar
    That's how my sister ended up with her first iPhone years ago. I copied and pasted a message (SMS because iMessage didn't exist yet) over and over until it was somewhere around 600,000 characters long (that's when my iPhone 3G started to bog down). She was never able to use that little flip phone again!

    Haha! Nice! There's an app in Cydia that will let you choose how many messages you want to send someone...it's a fun little prank to pull on friends/family!
    2013-03-30 11:27 PM
  19. tankz504's Avatar
    What's it called?
    2013-03-30 11:29 PM
  20. PoEtikly's Avatar
    i done the same thing to my girlfriend months ago. imessaged her 1-684. and her iphone basically took a stroke.
    Stalker.......JK
    2013-03-30 11:43 PM
28 12
LINK TO POST COPIED TO CLIPBOARD