Some Cydia Developers Targeted With iMessage Denial Of Service Attack

Over the last few days, we’ve noticed that some prominent iOS hackers and Cydia developers have been targeted with what appears to be a denial of service attack.

The attacker or attackers seem to be using the OS X Messages app to send a large number of messages in quick succession to the targets’ iMessage handles, which in some cases locks up the Messages app.

The Next Web, which got a chance to discuss the issue with the hackers, reports:

The messages, likely transmitted via the OS X Messages app using a simple AppleScript, rapidly fill up the Messages app on iOS or the Mac with text, forcing a user to constantly clear both notifications and messages.

In some instances, the messages can be so large that they completely lock up the Messages app on iOS, constituting a ‘denial of service’ (DoS) attack of sorts, even though in this case they appear to be a prank.

Grant Paul, aka chpwn, developer of popular jailbreak tweaks such as Zephyr, explains that the attacker can crash a recipient’s Messages app by sending a complex text message using Unicode characters that force a browser to render ‘Zalgo’ text, or simply by using a message that is enormous in size.

[Screenshot of the Messages app]

Since it is not possible to block a user from sending messages in the Messages app, the only option users currently have is to temporarily remove the iMessage handle from Settings, or to disable iMessage completely if the attackers have the phone number.

[Screenshot of a small section of a large Unicode text block that could crash the Messages app]

The exact motive of the attack is not yet clear, but the report notes that it seems to originate from a handle with a Twitter account that is involved in selling UDIDs and provisioning profiles, and in piracy of App Store apps.

As of now, the only solution is to wait for Apple to put systems in place to ensure that a user cannot cause a denial of service by sending a large volume of messages. The attack also highlights the need for a blacklist feature in the Messages app, so one can block such attacks from a casual spammer or prankster.
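The receive-side checks this paragraph asks for can be illustrated with a small filter that combines a per-sender rate limit, a size cap, a check for stacked combining marks (the mechanism behind ‘Zalgo’ text) and a user blocklist. This is an added example, not code from the article, The Next Web or Apple; the `MessageFilter` class, its return labels and all thresholds are assumptions chosen for illustration.

```python
import unicodedata
from collections import defaultdict, deque

# Thresholds are illustrative assumptions, not values from Apple or the article.
MAX_BYTES = 16_384       # largest accepted body, measured as UTF-8
MAX_MARK_RUN = 4         # longest allowed run of combining marks on one base character
MAX_PER_WINDOW = 10      # messages accepted per sender per window
WINDOW_SECONDS = 10.0


def longest_mark_run(text: str) -> int:
    """Longest run of consecutive combining marks (Unicode categories Mn, Mc, Me)."""
    longest = run = 0
    for ch in text:
        if unicodedata.category(ch).startswith("M"):
            run += 1
            longest = max(longest, run)
        else:
            run = 0
    return longest


class MessageFilter:
    """Hypothetical pre-render filter for incoming messages."""

    def __init__(self):
        self._recent = defaultdict(deque)  # sender -> timestamps inside the window
        self.blocked = set()               # handles the user has blocked

    def check(self, sender: str, body: str, now: float) -> str:
        if sender in self.blocked:
            return "drop:blocked"
        stamps = self._recent[sender]
        # Expire timestamps that have left the sliding window.
        while stamps and now - stamps[0] >= WINDOW_SECONDS:
            stamps.popleft()
        stamps.append(now)  # dropped messages still count, so a flood stays throttled
        if len(stamps) > MAX_PER_WINDOW:
            return "drop:rate"
        if len(body.encode("utf-8", errors="replace")) > MAX_BYTES:
            return "drop:size"
        if longest_mark_run(body) > MAX_MARK_RUN:
            # Quarantine rather than drop: some scripts legitimately stack marks.
            return "quarantine:combining-marks"
        return "deliver"
```

The checks run before the body is handed to the text renderer, so an oversized or heavily stacked message never reaches the code path that locks up.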

The issue doesn’t seem to be widespread, but let’s hope Apple takes steps to prevent such attacks with a better spam detection system before it gets out of hand.

Update:

Twitter user DJBANDR tells us that even he was targeted.

Via: The Next Web
