Recently, several iOS developers fell victim to an iMessage DDoS attack that crashed their app and inhibited their devices. The attacks were executed using a simple AppleScript that let the attackers send an unlimited, rapid stream of messages to the recipient. Depending on the content of the message, the app would either crash or churn out notifications at an annoying, alarming rate.
The good news for now is that the attacks seem to be limited to a small group of people, and only to devices that have been jailbroken. The bad news is that anybody, jailbroken iPhone or not, can become a victim of these attacks. One of the victims, Grant Paul, stated, “What’s happening is a simple flood: Apple doesn’t seem to limit how fast messages can be sent, so the attacker is able to send thousands of messages very quickly.” It also looks like the hackers are using throwaway emails, so simply blocking their email will not solve the issue.
Another victim, iH8sn0w, stated that he was attacked on Wednesday night. He received a blast of messages saying “Hello Human” and “We are Anonymous…” He was able to track down the sender’s email. The developers have discovered that the attacks originated from a Twitter account that sells UDIDs, and that the account was also responsible for facilitating the installation of pirated apps.
While these attacks are small now, they have the potential to become widespread. All the attacker needs is your email address. The attacks are able to stall your device because you need to clear your iMessage queue before you can perform any other actions. Another version of the attack involves mass sending of Unicode characters and/or large messages, which crashes your iMessage app and prevents you from re-opening it. Right now, there are no real solutions to the problem besides disabling your iMessage app. Hopefully Apple is able to come up with an effective solution soon.
[via The Next Web]
iMessage DDoS attacks foreshadow a bigger threat is written by Brian Sin & originally posted on SlashGear.