Some iOS Developers Targeted With iMessage “Denial Of Service” Attack
The Next Web is reporting that a group of iOS developers has been targeted with a series of rapid-fire messages on iMessage, creating a sort of denial-of-service (DoS) attack that crashes the iMessage app.
App developers iH8sn0w, well known for his jailbreak tool, and Grant Paul were among those targeted by the DoS attack that overwhelmed their respective Messages inboxes with a load of automatically-generated transmissions.
The two devs believe the messages were sent one after another from the Messages app on OS X, with a simple AppleScript driving the barrage, which forces a victim to constantly clear notifications and text.
Grant Paul, one of the targeted iOS developers, explains how the attack worked:
“What’s happening is a simple flood: Apple doesn’t seem to limit how fast messages can be sent, so the attacker is able to send thousands of messages very quickly,” Paul says.
The second part of that, he explains, is that if a user sends a ‘complex’ text message using unicode characters that force a browser to render ‘Zalgo’ text, or simply uses a message that is enormous in size, then the Messages app will eventually crash as it fails to display it properly. This will effectively ‘break’ the Messages app on iOS by forcing it to close and stop it from re-opening because it can’t render that text.
iH8sn0w mocked up a proof-of-concept AppleScript to demonstrate how such an attack may work. If Apple doesn’t limit the influx of messages, a user’s app will quickly become filled with what amounts to piles of spam.
The attacks hit at least a half-dozen iOS developer and hacker community members, and appear to have originated with a Twitter account involved in selling UDIDs, provisioning profiles and more that facilitate the installation of pirated App Store apps, which are re-signed and distributed.
Currently, there is no way to block particular senders in iMessage, though iH8sn0w said it should be possible for Apple to notice the bursts of messages and block them as repetitive spamming. Victims can also disable iMessage entirely.
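The burst detection iH8sn0w suggests, combined with a check for the enormous or combining-mark-heavy (‘Zalgo’) bodies Paul describes, could look like the receiver-side filter below. This is an added example, not code from the article, Apple, or the developers quoted; the class name, verdict strings and all thresholds are assumptions.

```python
import unicodedata
from collections import defaultdict, deque

# All thresholds are assumed values for illustration, not Apple's.
MAX_MSGS = 20        # messages allowed per sender per window
WINDOW_S = 10.0      # sliding window length in seconds
MAX_CHARS = 10_000   # bodies longer than this are rejected
MAX_MARK_RUN = 4     # consecutive combining marks tolerated


def max_combining_run(text):
    """Longest run of consecutive combining marks (Unicode category M*)."""
    longest = run = 0
    for ch in text:
        run = run + 1 if unicodedata.category(ch).startswith("M") else 0
        longest = max(longest, run)
    return longest


class InboundFilter:
    """Hypothetical per-sender filter applied before a message is displayed."""

    def __init__(self):
        self._recent = defaultdict(deque)  # sender -> accepted timestamps

    def check(self, sender, body, now):
        """Return 'deliver', 'throttle' or 'reject' for one inbound message."""
        # Content check first: never hand an unrenderable body to the UI.
        if len(body) > MAX_CHARS or max_combining_run(body) > MAX_MARK_RUN:
            return "reject"
        q = self._recent[sender]
        while q and now - q[0] >= WINDOW_S:   # drop timestamps outside window
            q.popleft()
        if len(q) >= MAX_MSGS:                # burst: sender exceeded the rate
            return "throttle"
        q.append(now)
        return "deliver"


if __name__ == "__main__":
    f = InboundFilter()
    # Constructed sample traffic: 25 messages in a quarter of a second.
    flood = [f.check("sender-a", "hi", i * 0.01) for i in range(25)]
    print(flood.count("deliver"), "delivered,", flood.count("throttle"), "throttled")
    # Constructed sample body: one base letter carrying eight stacked accents.
    print(f.check("sender-b", "a" + "\u0301" * 8, 0.0))
```

Ordinary accented text passes the run check, since a decomposed letter such as "e" plus one accent has a run of one.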
[The Next Web, Mac Rumors]