Old Feb 17, 2012, 01:19 PM   #1
klaxamazoo
macrumors 6502
 
Join Date: Sep 2006
iMessage Spam? [Update - Totally Easy to Spam]

Now that iMessage is available for desktops it would be pretty easy for someone to set up a robo-spammer to just send junk mail type messages to everyone.

Does iMessage do anything to make it so that only people on your Contacts list can message you?

Last edited by klaxamazoo; Feb 18, 2012 at 12:13 AM.
Old Feb 17, 2012, 01:23 PM   #2
super tomtendo
macrumors 6502a
 
 
Join Date: Aug 2009
Location: Florida
Quote:
Originally Posted by klaxamazoo View Post
Now that iMessage is available for desktops it would be pretty easy for someone to set up a robo-spammer to just send junk mail type messages to everyone.

Does iMessage do anything to make it so that only people on your Contacts list can message you?
Well, you need the person's Apple ID... and what would stop them from doing it on iDevices? It wouldn't just be a computer thing.
__________________
Current: 2013 27" iMac + 2010 11" MacBook Air | Retired: 2008 15" MacBook Pro
Old Feb 17, 2012, 01:30 PM   #3
qCzar
macrumors regular
 
Join Date: Feb 2011
Quote:
Originally Posted by notor1oustg View Post
Well, you need the person's Apple ID... and what would stop them from doing it on iDevices? It wouldn't just be a computer thing.
Nope, you can register any e-mail with iMessage. In fact I have multiple e-mails registered. iDevices aren't allowing it on a scale the OP is stating. Klax is thinking like Spam E-mails/Texts. It's hard on iOS because you need iMessage to send a message; with OS X it's probable that one can send iMessages with Automator.

At least, that's my take.
Old Feb 17, 2012, 01:34 PM   #4
super tomtendo
macrumors 6502a
 
 
Join Date: Aug 2009
Location: Florida
Quote:
Originally Posted by qCzar View Post
Nope, you can register any e-mail with iMessage. In fact I have multiple e-mails registered. iDevices aren't allowing it on a scale the OP is stating. Klax is thinking like Spam E-mails/Texts. It's hard on iOS because you need iMessage to send a message; with OS X it's probable that one can send iMessages with Automator.

At least, that's my take.
But in order to send a message, you need to have the email/APPLE ID of the person.
__________________
Current: 2013 27" iMac + 2010 11" MacBook Air | Retired: 2008 15" MacBook Pro
Old Feb 17, 2012, 01:42 PM   #5
klaxamazoo
Thread Starter
macrumors 6502
 
Join Date: Sep 2006
Quote:
Originally Posted by notor1oustg View Post
But in order to send a message, you need to have the email/APPLE ID of the person.
That is just like how you need my e-mail address to send me spam and the vast majority of e-mails that go out are spam.

i.e. if your AppleID is anything resembling a name or a word, you are getting Spammed.

The difference between iMessage for iOS is that iOS is relatively locked-down and you would probably have to jail-break just to start abusing iMessage. On OSX, you don't need to jail break. You just need Automator or Applescript. It doesn't really matter if you have a list of real Apple IDs, you can just Spam Everything because the cost and overhead are low while the pay-off i.e. Notifications and Pop-Ups on All iOS and OSX devices is significantly larger than an e-mail that gets filtered by Google's Spam filter.

Someone could also run a bunch of OS 10.8 virtual computers on just one computer using VMWare. Then they could really take advantage of scale.

The question is: other than someone needing to guess my Apple ID or phone number, what is protecting my phone and computer from iMessage Spam?
Old Feb 17, 2012, 01:45 PM   #6
super tomtendo
macrumors 6502a
 
 
Join Date: Aug 2009
Location: Florida
Quote:
Originally Posted by klaxamazoo View Post
The question is: other than someone needing to guess my Apple ID or phone number, what is protecting my phone and computer from iMessage Spam?
I would say yourself? Spam emails are from websites that you signed up with. Right? How else can someone get your emails? I hardly get any spam on my GMAIL account cause I only use it for legit websites.
__________________
Current: 2013 27" iMac + 2010 11" MacBook Air | Retired: 2008 15" MacBook Pro
Old Feb 17, 2012, 02:03 PM   #7
klaxamazoo
Thread Starter
macrumors 6502
 
Join Date: Sep 2006
Quote:
Originally Posted by notor1oustg View Post
I would say yourself? Spam emails are from websites that you signed up with. Right? How else can someone get your emails? I hardly get any spam on my GMAIL account cause I only use it for legit websites.
You don't get it because GMail has an amazing Spam filter. You don't have to sign up for anything, just have a "normal" e-mail address and your e-mail address will receive Spam even if GMail filters it for you.

That and "hardly" any spam is different from having your iPhone, iPad and computer all go off at the same time with someone's Spam message. Gmail spam is easy to ignore, phone spam is harder.

Also, they don't need your Apple ID, iMessage can send to phone numbers too:

One problem we noticed was that sending an iMessage to an iPhone's phone number meant the message didn’t appear on the Mac – and vice versa – sending an iMessage to the email address didn’t appear on the iPhone…

http://gourmetpixel.com/blog_wordpress/?p=85

While I, personally, might not be able to get a specific individual's Apple ID, I sure as hell could come up with a few ten thousand legitimate ones just by using existing Spam e-mail lists, stripping the @... and replacing it with standards such as @gmail, @me, @mac, @hotmail, etc.

Once again. What is protecting my iMessage account other than obscurity of my Apple ID?

----------

Right now, if someone wants to send a text message from my phone they have to pay for the text message service and are relatively traceable. That is gone with iMessage for OS X. Little Cost overhead and lots of exposure i.e. your phone actively alerting you to the message, your iPad alerting you, and your computer alerting you all at the same time and all with a pop-up window.

It is annoying enough when I get the occasional text message spam, I can't imagine how annoying it would be if it was on the same level as e-mail spam.

----------

http://reviews.cnet.com/8301-19512_7...r-iphone-at-t/

I wonder if iMessage completes messages sent to:
yourmobilenumber@txt.att.ne

Now they don't need your Apple ID. Just a list of the block of phone numbers that AT&T has.



The article did have good information on how to block those annoying e-mail spams I was getting though.
Old Feb 17, 2012, 02:51 PM   #8
klaxamazoo
Thread Starter
macrumors 6502
 
Join Date: Sep 2006
Confirmed - Don't need anyone's Apple ID

I just tested it. You don't need anyone's Apple ID, you can send messages to just a phone number and it is incredibly easy to get a list of valid phone numbers. More so than valid e-mail addresses since phone numbers follow a specific pattern.


So pretty much, there is nothing to stop iMessage Spam.
Old Feb 18, 2012, 12:00 AM   #9
klaxamazoo
Thread Starter
macrumors 6502
 
Join Date: Sep 2006
Unfortunately, it was really, really easy to make a Spam program.

To test it out I wrote a quick program to cycle through a block of numbers that were allocated to Cingular back in the day, mixed in a little Automator to reduce coding time and got back about a 1 in 25 success rate. The iMessage message sent confirmation lets you know when you have a good number.

This is pretty bad if someone as poor at coding as I am can make their own Spambot in less than an hour.

I hope Apple either puts a good Spam filter in or makes it so that you can block messages from people that aren't on your contacts list.
Old Feb 18, 2012, 02:22 AM   #10
rorschach
macrumors 68000
 
Join Date: Jul 2003
How is this any different from before? iChat could (can) send messages to people's phone numbers as texts.

__________________
MacBook Air 13-inch (Mid 2012), iPhone 5
Old Feb 18, 2012, 03:13 AM   #11
jayhawk11
macrumors 6502a
 
 
Join Date: Oct 2007
Quote:
Originally Posted by rorschach View Post
How is this any different from before? iChat could (can) send messages to people's phone numbers as texts.

Exactly. Much ado about nothing.
__________________
15" Retina MacBook Pro, 2.3 GHz Quad Core i7; 32 GB iPhone 5s; 32GB iPad Mini with Retina Display
Rock Chalk Jayhawk, Go KU.
Old Feb 18, 2012, 08:59 AM   #12
klaxamazoo
Thread Starter
macrumors 6502
 
Join Date: Sep 2006
Quote:
Originally Posted by rorschach View Post
How is this any different from before? iChat could (can) send messages to people's phone numbers as texts.

I tested it on my SL computer. It works but not as well as Spam using iMessage.

1) iChat is missing the confirmation which lets you know when you have a confirmed iMessage account and automatically add that phone number to a verified spam list. The verified spam list is nice because it saves time, i.e. you can run through a few ten thousand numbers, collect the verified ones and target just those in the future.

2) The provider, AOLtxt, lets the Target block messages coming from a specific user.

3) The cell phone provider includes a message telling the Target how to STOP all AOL text messages. iMessage has none of that. A Target cannot stop iMessages from coming in.



iChat SMS spam was not an issue because Targets had a way to stop it. iMessage targets have NO way to stop the Spam.



iMessage is way more conducive to sending Spam with.
1) You get confirmations letting you know when you have a valid Target
2) These confirmations can be readily stripped and collected
3) There is, currently, no way for the Target to stop it
4) You can send out a large number of messages at once by messaging 10 - 50 Targets at a time
5) The messages will pop up on more devices all at the same time in a manner that is way more intrusive than e-mail.


iMessage is a spammer's wet dream.


I filed a bug report; hopefully Apple will give the users some control over who they receive messages from just like they did for the AOLtxt.
Old Feb 18, 2012, 09:14 AM   #13
tkermit
macrumors 68020
 
Join Date: Feb 2004
Quote:
Originally Posted by klaxamazoo View Post
iMessage is a spammer's wet dream.
Except that Apple has complete control over the accounts of iMessage users including potential spammers, so they could just disable spam accounts as soon as they find out about them.
__________________
___🏃_
Old Feb 18, 2012, 09:29 AM   #14
klaxamazoo
Thread Starter
macrumors 6502
 
Join Date: Sep 2006
Quote:
Originally Posted by tkermit View Post
Except that Apple has complete control over the accounts of iMessage users including potential spammers, so they could just disable spam accounts as soon as they find out about them.
A) You are assuming Apple finds them before you are spammed

B) And the Spammers can just as easily make new ones. It isn't hard to make an Apple ID, all you need is an e-mail address

C) 10,000 messages sent out last night tells me that Apple isn't even looking at this point.

Actually, as qCzar pointed out, iMessage can be tied to your e-mail account. The Spammer doesn't even need an Apple ID.

Last edited by klaxamazoo; Feb 18, 2012 at 09:42 AM.
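Added example, not part of any post in this thread and not Apple's code: one way a messaging service could surface the sending pattern described in posts #9 and #12 (a single sender addressing many handles, mostly consecutive phone numbers, with roughly 1 in 25 of them registered). The event fields, thresholds, account names and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

def sender_stats(lookups):
    """lookups: iterable of (recipient_handle, registered) for one sender."""
    seen = {}
    for handle, registered in lookups:
        seen[handle] = registered                 # de-duplicate repeat lookups
    numbers = sorted(int(h.lstrip("+")) for h in seen if h.lstrip("+").isdigit())
    gaps = [b - a for a, b in zip(numbers, numbers[1:])]
    # share of neighbouring recipients that are consecutive phone numbers
    sequential = sum(g == 1 for g in gaps) / len(gaps) if gaps else 0.0
    # share of addressed handles that resolved to a real account
    hit_rate = sum(seen.values()) / len(seen) if seen else 0.0
    return {"recipients": len(seen), "hit_rate": hit_rate, "sequential": sequential}

def flag_enumerators(events, min_recipients=25, max_hit_rate=0.10, min_sequential=0.5):
    """events: iterable of (sender, recipient_handle, registered) in one time window.
    Thresholds are assumed values, to be tuned on real traffic."""
    per_sender = defaultdict(list)
    for sender, handle, registered in events:
        per_sender[sender].append((handle, registered))
    flagged = {}
    for sender, lookups in per_sender.items():
        stats = sender_stats(lookups)
        if stats["recipients"] < min_recipients:
            continue                              # ordinary users address few handles
        reasons = []
        if stats["hit_rate"] <= max_hit_rate:
            reasons.append("low_hit_rate")        # mostly guessing, few valid targets
        if stats["sequential"] >= min_sequential:
            reasons.append("sequential_numbers")  # walking a number block
        if reasons:
            flagged[sender] = {**stats, "reasons": reasons}
    return flagged

def sample_events():
    """Constructed sample data, not real accounts or numbers."""
    events = []
    for i in range(50):       # acct-A walks 50 consecutive numbers, 1 in 25 registered
        events.append(("acct-A", f"+1555010{i:04d}", i % 25 == 0))
    for h in ("+15550199001", "friend@example.com", "+15550142317"):
        events.append(("acct-B", h, True))        # acct-B messages known contacts
    for i in range(30):       # acct-C: many recipients, scattered, all registered
        events.append(("acct-C", f"+1555{(i * 7919) % 10000000:07d}", True))
    return events

if __name__ == "__main__":
    for sender, info in flag_enumerators(sample_events()).items():
        print(sender, info)
```
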
Old Feb 18, 2012, 01:40 PM   #15
haravikk
macrumors 65816
 
Join Date: May 2005
This is pretty worrying, all it requires is for iMessages to have an option controlling who you receive iMessages from, e.g. Everyone, Friends + Address Book, Friends Only.

Dead simple, and would be especially good if this applied across all devices, and with syncing it could even occur before it reached your device.

This should really be combined with notifications of when someone has added you so you can deny the request or allow + add to friends and/or address book.
__________________
"Early 2008" MacPro, 2 x 3.2ghz Quad-Core Xeons, 10gb DDR2 800mhz ECC RAM, 120gb Solid State Drive (Mac & Windows OS), 4 x 750gb hard-drives (striped, users/files), NVidia GeForce 8800GT (512mb).
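Added example, not part of the thread and not Apple's implementation: a model of the receive option proposed in post #15, evaluated on the service side so the decision applies to every device, with a one-time request for unknown senders that the recipient can allow or deny. All class, method and sender names are hypothetical.

```python
from enum import Enum

class Policy(Enum):
    EVERYONE = "everyone"
    FRIENDS_AND_ADDRESS_BOOK = "friends+address_book"
    FRIENDS_ONLY = "friends_only"

class Inbox:
    """Per-account filter run before any message is pushed to a device."""
    def __init__(self, policy, friends=(), address_book=()):
        self.policy = policy
        self.friends = set(friends)
        self.address_book = set(address_book)
        self.denied = set()
        self.pending = {}       # sender -> messages held until allow/deny
        self.delivered = []     # (sender, text) pushed to the account's devices

    def _allowed(self, sender):
        if self.policy is Policy.EVERYONE or sender in self.friends:
            return True
        return (self.policy is Policy.FRIENDS_AND_ADDRESS_BOOK
                and sender in self.address_book)

    def receive(self, sender, text):
        """Internal outcome: 'delivered', 'request' (first contact, one
        notification to the recipient), 'held' or 'dropped'.
        The outcome is for the service only and is not echoed to the sender."""
        if sender in self.denied:
            return "dropped"
        if self._allowed(sender):
            self.delivered.append((sender, text))
            return "delivered"
        first_contact = sender not in self.pending
        self.pending.setdefault(sender, []).append(text)
        return "request" if first_contact else "held"

    def decide(self, sender, allow):
        """Recipient answers a request; returns how many held messages were released."""
        held = self.pending.pop(sender, [])
        if not allow:
            self.denied.add(sender)
            return 0
        self.friends.add(sender)
        self.delivered.extend((sender, text) for text in held)
        return len(held)
```
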
Old Mar 21, 2012, 05:56 PM   #16
Redemption.Man
macrumors newbie
 
Join Date: Mar 2012
I was thinking about iMessage spam when I found a way to annoy my friends via iMessage. Just wrote this blog post about it: http://redemptionman.com/2012/02/07/imessage-spam/

With iMessage working on jailbroken devices, it is only a matter of time before someone starts off iMessage spam.
