Go Back   MacRumors Forums > News and Article Discussion > Mac Blog Discussion

Reply
 
Thread Tools Search this Thread Display Modes
Old Mar 29, 2013, 07:44 PM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
Denial of Service Prank Crashing iMessage App for Targeted Developers




The Next Web is reporting that a group of iOS developers has been targeted with a series of rapid-fire messages on iMessage, creating a sort of denial-of-service (DoS) attack that crashes the iMessage app.

Grant Paul, one of the targeted iOS developers explains how the attack worked:
Quote:
"What's happening is a simple flood: Apple doesn't seem to limit how fast messages can be sent, so the attacker is able to send thousands of messages very quickly," Paul says.

The second part of that, he explains, is that if a user sends a 'complex' text message using unicode characters that force a browser to render 'Zalgo' text, or simply uses a message that is enormous in size, them the Messages app will eventually crash as it fails to display it properly. This will effectively 'break' the Messages app on*iOS by forcing it to close and stop it from re-opening because it can't render that text."
iH8sn0w, an iOS jailbreak tool and app developer, showed TNW a proof-of-concept AppleScript that would be able to*create the barrage of iMessages. A potential spammer would only need a person's email address and the AppleScript to engage in the attack, especially after Apple unified phone numbers and email addresses in iOS 6.*

Currently, there is no way to block particular senders in iMessage, though iH8sn0w said it should be possible for Apple to notice the bursts of messages and block them as repetitive spamming. Victims can also disable iMessage entirely.

It's not clear who initiated the attack, nor why these developers were targeted, though it appears the attacks are merely a prank.

Article Link: Denial of Service Prank Crashing iMessage App for Targeted Developers
MacRumors is offline   0 Reply With Quote
Old Mar 29, 2013, 07:48 PM   #2
scapegoat81
macrumors 6502
 
Join Date: Oct 2012
Location: Phila, Pa
Beat me to it. I was just getting ready to post this.....
scapegoat81 is offline   0 Reply With Quote
Old Mar 29, 2013, 07:54 PM   #3
Speedy2
macrumors 65816
 
Join Date: Nov 2008
I find it highly surprising that Apple has not put preemptive measures in place to prevent obvious iMessage spam (e.g. extremely high number of messages in a short time).
Speedy2 is offline   8 Reply With Quote
Old Mar 29, 2013, 07:54 PM   #4
komodrone
Banned
 
Join Date: Apr 2011
Daft Punk's viral marketing at work for their new album.
komodrone is offline   8 Reply With Quote
Old Mar 29, 2013, 07:55 PM   #5
DayOfChaos
macrumors 6502
 
Join Date: Nov 2011
Great, can't wait for character limits, time limits, verifications and heck put in captcha codes as well.
DayOfChaos is offline   7 Reply With Quote
Old Mar 29, 2013, 07:56 PM   #6
SomeDudeAsking
macrumors 65816
 
Join Date: Nov 2010
Apple can't do services well, or for that matter security either: http://www.theverge.com/2013/3/29/41...about-security

And it seems like the only way to fix this attack is to completely wipe your iPhone and install every thing from scratch. Even a backup can still have the attack messages that crash iMessage.
SomeDudeAsking is offline   0 Reply With Quote
Old Mar 29, 2013, 07:58 PM   #7
Weegee1
Banned
 
Join Date: Mar 2013
Let me guess: It's from China or a Taiwan proxy?
Weegee1 is offline   4 Reply With Quote
Old Mar 29, 2013, 07:59 PM   #8
thaifood
macrumors 6502
 
Join Date: Jun 2011
I've noticed this before when I've been spammed massive text messages from friends just to be silly. It locked up the app entirely and attempted to open that particular message string would freeze the app for a number of time until it defaults back to the message list.

Alternatively, if you attempt to open the offending string and and leave it open, the message will eventually be processed and open to allow deletion. This can take a few hours though depending on the amount of data sent
thaifood is offline   1 Reply With Quote
Old Mar 29, 2013, 08:03 PM   #9
SomeDudeAsking
macrumors 65816
 
Join Date: Nov 2010
Quote:
Originally Posted by Weegee1 View Post
Let me guess: It's from China or a Taiwan proxy?
You do know that many Anonymous members are from the US, right? Not to mention 4chan. Oh, and the US gov conducts attacks on other nations.
SomeDudeAsking is offline   0 Reply With Quote
Old Mar 29, 2013, 08:07 PM   #10
Peace
macrumors P6
 
Peace's Avatar
 
Join Date: Apr 2005
Location: Space--The ONLY Frontier
Wouldn't these have to come from an iDevice ?
Peace is offline   0 Reply With Quote
Old Mar 29, 2013, 08:08 PM   #11
WordMasterRice
macrumors 6502a
 
Join Date: Aug 2010
Location: Upstate NY
Quote:
Originally Posted by Peace View Post
Wouldn't these have to come from an iDevice ?
Not for the last year + that iMessage has been available on OSX
WordMasterRice is offline   2 Reply With Quote
Old Mar 29, 2013, 08:12 PM   #12
Peace
macrumors P6
 
Peace's Avatar
 
Join Date: Apr 2005
Location: Space--The ONLY Frontier
Quote:
Originally Posted by WordMasterRice View Post
Not for the last year + that iMessage has been available on OSX
Ahhh. You're correct.

Hackintosh community.

Jerks.
Peace is offline   1 Reply With Quote
Old Mar 29, 2013, 08:13 PM   #13
SomeDudeAsking
macrumors 65816
 
Join Date: Nov 2010
Quote:
Originally Posted by Peace View Post
Ahhh. You're correct.

Hackintosh community.

Jerks.
Not much hacking here, just copy and paste a message until it is big.
SomeDudeAsking is offline   3 Reply With Quote
Old Mar 29, 2013, 08:15 PM   #14
Peace
macrumors P6
 
Peace's Avatar
 
Join Date: Apr 2005
Location: Space--The ONLY Frontier
Quote:
Originally Posted by SomeDudeAsking View Post
Not much hacking here, just copy and paste a message until it is big.
I didn't say there was any hacking. I said it probably came from the hackintosh community.

They are lesser than script kiddies.
Peace is offline   1 Reply With Quote
Old Mar 29, 2013, 08:18 PM   #15
impulse462
macrumors 65816
 
impulse462's Avatar
 
Join Date: Jun 2009
Location: SF Bay Area
People will take you more seriously now Anonymous!
__________________
13.3" MacBook Air, 1.3GHz Core i5, 4GB RAM, 128GB SSD; 16GB Space Gray iPhone 6
impulse462 is offline   2 Reply With Quote
Old Mar 29, 2013, 08:23 PM   #16
SomeDudeAsking
macrumors 65816
 
Join Date: Nov 2010
Quote:
Originally Posted by Peace View Post
I didn't say there was any hacking. I said it probably came from the hackintosh community.

They are lesser than script kiddies.
Why does it have to be from the "hackintosh community"? Anyone can carry out this iMessage attack its so simple.
SomeDudeAsking is offline   8 Reply With Quote
Old Mar 29, 2013, 08:23 PM   #17
shahin90
macrumors newbie
 
Join Date: Oct 2012
I have seen the same exact signature ending with the "expect us" in this torrent: redacted

Last edited by stridemat; Mar 30, 2013 at 02:51 AM. Reason: Removed URL as linking to torrent site
shahin90 is offline   1 Reply With Quote
Old Mar 29, 2013, 08:30 PM   #18
Peace
macrumors P6
 
Peace's Avatar
 
Join Date: Apr 2005
Location: Space--The ONLY Frontier
Quote:
Originally Posted by SomeDudeAsking View Post
Why does it have to be from the "hackintosh community"? Anyone can carry out this iMessage attack its so simple.
Why ? Because its my opinion. We all have them



"The attacks hit at least a half-dozen iOS developer and hacker community members that we know of now, and appear to have originated with a Twitter account involved in selling UDIDs, provisioning profiles and more that facilitate in the installation of pirated App Store apps which are re-signed and distributed"

Last edited by Peace; Mar 29, 2013 at 08:36 PM.
Peace is offline   2 Reply With Quote
Old Mar 29, 2013, 08:58 PM   #19
macsrcool1234
macrumors 6502a
 
Join Date: Oct 2010
Quote:
Originally Posted by Peace View Post
Ahhh. You're correct.

Hackintosh community.

Jerks.
This comment wins for most ridiculous comment I have ever seen on Macrumors and that's saying something.


How do you people think this %!?# up?
macsrcool1234 is offline   11 Reply With Quote
Old Mar 29, 2013, 09:04 PM   #20
SgtPepper12
macrumors 6502
 
Join Date: Feb 2011
Quote:
Originally Posted by SomeDudeAsking View Post
You do know that many Anonymous members are from the US, right? Not to mention 4chan. Oh, and the US gov conducts attacks on other nations.
Anonymous members? 4chan?
I don't think you know what you're talking about.
SgtPepper12 is offline   0 Reply With Quote
Old Mar 29, 2013, 09:14 PM   #21
CGagnon
macrumors regular
 
Join Date: Jun 2007
wow, these guys are 1337 h@x0r. I remember when I discovered this a year ago when iMessages were still new.

n00bs
__________________
iOS Security Researcher/Hacker
rMBP 2.7/16/768
27" iMac 3.4/32/3TB Fussion
MP, Two 3.06GHz 6-Core Intel Xeon/64/2048 SSD
CGagnon is offline   0 Reply With Quote
Old Mar 29, 2013, 09:21 PM   #22
lunaoso
macrumors 65816
 
lunaoso's Avatar
 
Join Date: Sep 2012
Location: New England, USA
I guarantee you a story will come out in a day that the national database has been hacked, but everyone will be talking about how their life is ruined because their messages app on their iPhone is destroyed.
lunaoso is offline   1 Reply With Quote
Old Mar 29, 2013, 09:29 PM   #23
Peace
macrumors P6
 
Peace's Avatar
 
Join Date: Apr 2005
Location: Space--The ONLY Frontier
Quote:
Originally Posted by macsrcool1234 View Post
This comment wins for most ridiculous comment I have ever seen on Macrumors and that's saying something.


How do you people think this %!?# up?
You haven't been around long. I've made much worse comments.

Read the story man. It tells you who did it.

I even quoted it.
Peace is offline   7 Reply With Quote
Old Mar 29, 2013, 09:36 PM   #24
Plutonius
macrumors 601
 
Plutonius's Avatar
 
Join Date: Feb 2003
Location: New Hampshire
The Chinese government strikes again .
Plutonius is offline   0 Reply With Quote
Old Mar 29, 2013, 10:43 PM   #25
Weegee1
Banned
 
Join Date: Mar 2013
Quote:
Originally Posted by SomeDudeAsking View Post
You do know that many Anonymous members are from the US, right? Not to mention 4chan. Oh, and the US gov conducts attacks on other nations.
China funds attacks on US companies. It was on the news recently that they take college graduates and put them to hacking work. The US does hacking for military/anti-terrorism reasons. Anonymous... I don't know, they could be anywhere.

Proof of concept: I blocked China and the rest of eastern Asia from my website. Without exaggeration, hacking attempts have decreased by 99%. If I could, I'd make my router block that area on all ports for incoming packets.

----------

Quote:
Originally Posted by CGagnon View Post
wow, these guys are 1337 h@x0r. I remember when I discovered this a year ago when iMessages were still new.

n00bs
3$ mm3 h33
Mostly because I like making fun of people who use 1337$p33k.
Weegee1 is offline   4 Reply With Quote

Reply
MacRumors Forums > News and Article Discussion > Mac Blog Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
iPhone 5c crashing + imessage problems giuliamd iPhone Tips, Help and Troubleshooting 4 May 14, 2014 05:21 PM
Snapchat Vulnerability Can Lead to iPhone Denial-of-Service Attacks MacRumors MacRumors.com News Discussion 31 Feb 8, 2014 09:23 PM
Apple France Targeted by Regulators Over Treatment of Resellers, App Store Lock-In MacRumors iOS Blog Discussion 34 Jul 10, 2013 03:45 AM
iMessage mac keeps crashing? Km133 OS X 10.8 Mountain Lion 2 Nov 5, 2012 08:58 AM

Forum Jump

All times are GMT -5. The time now is 05:24 PM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC