Over the last few days, we’ve noticed that some prominent iOS hackers and Cydia developers have been targeted with what appears to be a denial of service attack.
The attacker(s) seem to be using the OS X Messages app to send a large number of messages in quick succession to the targets’ iMessage handles, which in some cases locks up the Messages app.
The last message was sent literally thousands of times. Took a few minutes of tapping to get back to the start!
— Grant Paul (chpwn) (@chpwn) March 29, 2013
The Next Web, which got a chance to discuss the issue with the hackers, reports:
Grant Paul aka chpwn, developer of popular jailbreak tweaks such as Zephyr, explains that the attacker can crash a recipient’s Messages app by sending a complex text message using unicode characters that force a browser to render ‘Zalgo’ text, or simply using a message that is enormous in size.
The messages, likely transmitted via the OS X Messages app using a simple AppleScript, rapidly fill up the Messages app on iOS or the Mac with text, forcing a user to constantly clear both notifications and messages.
In some instances, the messages can be so large that they completely lock up the Messages app on iOS, constituting a ‘denial of service’ (DoS) attack of sorts, even though in this case they appear to be a prank.
The iMessage spammer has now completely locked me out of my iOS Messages app, by sending long strings of Unicode chars. Definitely a DoS.
— Grant Paul (chpwn) (@chpwn) March 29, 2013
Here’s a screenshot of the Messages app:
Since the Messages app offers no way to block a sender, the only option users currently have is to temporarily remove the iMessage handle in Settings, or to disable iMessage completely if the attackers have the phone number.
Here’s a screenshot of a small section of a large unicode text block that could crash the Messages app:
The exact motive of the attack is not yet clear, but the report notes that it seems to originate from a handle with a Twitter account that is involved in selling UDIDs and provisioning profiles and in piracy of App Store apps.
For now, the only solution is to wait for Apple to put systems in place to ensure that a user cannot cause a denial of service by sending a large volume of messages. The incident also highlights the need for a blacklist feature in the Messages app so one can block such attacks from a casual spammer or prankster.
The issue doesn’t seem to be widespread, but let’s hope Apple takes steps to prevent such attacks with a better spam detection system before it gets out of hand.
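As an added illustration (not code from Apple, The Next Web or anyone quoted here), this is a sketch of the receive-side screening described above: cap message size, flag Zalgo-style stacks of combining marks, and throttle each sender. Every threshold and name in it is an assumption chosen for the example.

```python
import unicodedata
from collections import defaultdict, deque

MAX_BYTES = 16_000        # assumed per-message size cap (UTF-8 bytes)
MAX_MARKS_PER_BASE = 4    # assumed limit on consecutive combining marks
MAX_MARK_RATIO = 0.5      # assumed max share of combining marks in a message
RATE_LIMIT = 20           # assumed messages allowed per sender ...
RATE_WINDOW = 60.0        # ... within this many seconds


def content_verdict(text):
    """Return 'oversize', 'zalgo' or 'ok' for one message body."""
    if len(text.encode("utf-8")) > MAX_BYTES:
        return "oversize"
    marks = run = longest = 0
    for ch in text:
        # Mn/Me are the non-spacing and enclosing marks that Zalgo text stacks.
        is_mark = unicodedata.category(ch) in ("Mn", "Me")
        run = run + 1 if is_mark else 0
        marks += is_mark
        longest = max(longest, run)
    if longest > MAX_MARKS_PER_BASE or (text and marks / len(text) > MAX_MARK_RATIO):
        return "zalgo"
    return "ok"


class SenderThrottle:
    """Sliding-window message counter keyed by sender handle."""

    def __init__(self, limit=RATE_LIMIT, window=RATE_WINDOW):
        self.limit, self.window = limit, window
        self.seen = defaultdict(deque)

    def allow(self, sender, now):
        q = self.seen[sender]
        while q and now - q[0] >= self.window:
            q.popleft()          # forget timestamps outside the window
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def screen(throttle, sender, text, now):
    """Judge content first, then apply the per-sender rate limit."""
    verdict = content_verdict(text)
    if verdict == "ok" and not throttle.allow(sender, now):
        return "rate_limited"
    return verdict
```

Ordinary accented or Thai/Vietnamese text stays well under the assumed mark limits; a real deployment would tune them against legitimate traffic before dropping anything.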
Update:
Twitter user DJBANDR tells us that even he was targeted:
@chpwn @iphonehackx earlier today i started getting random lines of chars and the imessage app crashed and will no longer let me message ...
— DjBANDRSNATCH (@DjBANDR) March 30, 2013