Chpwn and other developers hit with iMessage DoS attack

By , Mar 30, 2013

imessage spam

Over the past few days, several well-known iOS and jailbreak developers have reported that they’ve been hit with an iMessage DoS, or denial of service, attack. The attacks feature a series of spam messages that end up crashing the iMessage app.

The list of affected developers include Sn0wBreeze creator iH8sn0w, Zephyr creator Chpwn, and others. And the perpetrator has been tracked to a Twitter account involved in selling things like provisioned UDIDs and Siri proxy servers…

The Next Web‘s Matthew Panzarino explains:

“The messages, likely transmitted via the OS X Messages app using a simple AppleScript, rapidly fill up the Messages app on iOS or the Mac with text, forcing a user to constantly clear both notifications and messages.

In some instances, the messages can be so large that they completely lock up the Messages app on iOS, constituting a ‘denial of service’ (DoS) attack of sorts, even though in this case they appear to be a prank. Obviously, if the messages are repeated an annoyingly large volume but don’t actually crash the app, they’re still limiting the use you’ll get out of the service. But if a string that’s complex enough to crash the app is sent through, that’s a more serious issue.”

Apparently, the prankster has created an AppleScript that can quickly send hundreds of iMessages to a single user filled with Unicode and other hard-to-render characters, crashing the app—in some cases for good, as iMessage struggles to load the text.

iH8sn0w says that the attacker, which started messaging him Wednesday night, claimed to be a part of the hacker group anonymous, but some quick recon debunked that facade. Jailbreak dev Ryan Petrich did some digging of his own, and found this:

The bigger problem here is that Apple obviously isn’t monitoring its iMessage service for things like spamming, leaving the door open for future attacks. And right now, the only remedy for the issue is to disable the iMessage account that’s affected.

Panzarino says that he’s contacted Apple with the problem, but has yet to hear back from them. At the very least, he’s hoping that it will add the ability to block a users, or some kind of white list feature, to prevent this from becoming a bigger problem.

Apple launched iMessages in 2011, alongside iOS 5, for the iPhone, iPad and iPod touch. And in 2012, it rolled it out to Mac OSX. Tim Cook told investors earlier this year that it’s now facilitating the sending and receiving of over 2 billion message per day.

Image credit: Adam Bell

  • Share:
  • Follow:
  • Mr_Russ1an

    Chpwn is misspelled in the title.

    • Jordi Bull

      What an error :D

    • Melvco

      yikes! Thank you, fixed!

  • Jonathan

    Done that to my friend. Didn’t know there was a term for it. He had to clean restore. Ouch.

    • Kurt

      You’re a good friend

  • luis gonzalez

    This is Kinda funny!… A hacker messing with another hacker…But not really, those guys are the main reason why we have the cool tweaks! This is just going to cause another firmware update. Sorry this happened to you guys.

    • Manuel Molina

      Or it could be a good reason for Apple to wake up on how easy such things are to do via iMessage, and it can help make black/white list on iOS 7. Having a block button for iOS or iMessage would be stellar.

  • Aehmlo

    Well, as I’m sure they know, they can purge the SQL database in sms.db, and then write a tweak to delete all messages from that email address, or any repeated/gibberish messages, all very easily.

  • iBanks

    Is it not possible that this came from the app available on Cydia a few days ago called SMSFlooder?

    • http://www.facebook.com/people/James-Bailey/100001793622814 James Bailey

      Looks like it.

  • http://twitter.com/pokeh123 Shawn Davis

    The Applescript for something like this is very simple. I do it to my friends all the time. Theres even a way to make the SMS app stop crashing. Just dont display the message and you can fix it.

  • http://twitter.com/pokeh123 Shawn Davis

    Oh and also. iMessage is capped at 50 messages per 1 minute. Still a lot but everyone says there is no cap.

  • WolfgangHoltz

    Most things Apple do seems to be crap. They patch all Jailbreak flaws others find, but for every flaws they patched it seems they open up one or more new ones.
    Selling fruit is maybe easier to manage, and you have the right name and logo for it.

    • Lordthree

      Awesome story!

  • https://twitter.com/MrElectrifyer MrElectrifyer

    If only they used iBlacklist….

  • http://www.facebook.com/joe.jonsen Joe Jonsen

    omg is apple fighting back?

  • f1ght3r

    Maybe chpwn will stop gouging us with high tweak prices

  • NgLC

    Coder vs coder :D that’s sooo epic XD

  • Dlevi309

    I was one of the guys who got this

  • Lordthree

    It will be fixed shorty. Super easy to block.

  • Jonathan

    If you’re jailbroken, can’t you delete sms.db?