The Next Web is reporting that a group of iOS developers has been targeted with a series of rapid-fire messages on iMessage, creating a sort of denial-of-service (DoS) attack that crashes the iMessage app.
Grant Paul, one of the targeted iOS developers explains how the attack worked:
“What’s happening is a simple flood: Apple doesn’t seem to limit how fast messages can be sent, so the attacker is able to send thousands of messages very quickly,” Paul says.
The second part of that, he explains, is that if a user sends a ‘complex’ text message using unicode characters that force a browser to render ‘Zalgo’ text, or simply uses a message that is enormous in size, them the Messages app will eventually crash as it fails to display it properly. This will effectively ‘break’ the Messages app on iOS by forcing it to close and stop it from re-opening because it can’t render that text.”
iH8sn0w, an iOS jailbreak tool and app developer, showed TNW a proof-of-concept AppleScript that would be able to create the barrage of iMessages. A potential spammer would only need a person’s email address and the AppleScript to engage in the attack, especially after Apple unified phone numbers and email addresses in iOS 6.
Currently, there is no way to block particular senders in iMessage, though iH8sn0w said it should be possible for Apple to notice the bursts of messages and block them as repetitive spamming. Victims can also disable iMessage entirely.
It’s not clear who initiated the attack, nor why these developers were targeted, though it appears the attacks are merely a prank.
 |
 |
