A series of seemingly prank texts sent over Apple's iMessage system targeted a group of iOS developers over the last couple of days, crashing their apps.
The spate of rapid-fire texts highlight a certain limitation in how the Cupertino giant handles data sent through its iMessage system. In some cases, if the incoming message is too long or contains characters that are too complex, the app simply crashes.
According to The Next Web (TNW), iOS app developers iH8sn0w and Grant Paul were just two of the devs targeted by a type of denial of service (DoS) attack. The texts overwhelmed their Messages inbox with a storm of automatically-generated transmissions.
The two developers believe the messages were sent one after another from the Messages app on OS X, using an AppleScript to clear the step that prompts the receiver to check out notifications and text.
"What's happening is a simple flood: Apple doesn't seem to limit how fast messages can be sent, so the attacker is able to sent thousands of messages very quickly," explains Paul. Meanwhile, iH8sn0w mocked up a proof-of-concept AppleScript to show how an attack like this may unfold. In simple terms, if Apple doesn't limit the incoming messages, a user's app will become full of spam in no time.
While a continuous spate of prank texts can be annoying but not too severe, extraordinarily long or complex messages do pose real issues. As previously mentioned, such messages can cause iOS Messages to crash because it fails to properly process and display the amount of data. According to the developers, the app will simply force-close and will be unable to re-open because it still can't properly handle the text.
It is unknown at this point who is behind the attack, but one of the texts sent repeatedly claimed to be from Anonymous.
"We are Anonymous/ We are legion/ We do not forgive/ We do not forget/ Expect us," read the text in question.
The messages seem to have come from a Twitter account used to sell UDIDs and provisioning profiles. Whoever sent the spam used disposable email accounts, which makes it more difficult to block the prankster. Apple did not issue a response yet.
© Copyright 2024 Mobile & Apps, All rights reserved. Do not reproduce without permission.