Feeds

iPhone push hack shoves IMs to complete strangers

You talkin' to me?

Providing a secure and efficient Helpdesk

A German developer has discovered that sending an AIM message to someone who has both jailbroken their iPhone and installed a hack that enables it to receive push notifications may result in your message being read by anyone else who has installed the push-enabling hack.

Till Schadde, founder of equinux, tells The Reg that he sent a message over AIM using iChat on his Mac - with all relevant security settings enabled, such as SSL - to a friend's iPhone. He did know that this iPhone, which was running iPhone Software 3.0, had been jailbroken and that its owner had installed two hacks to enable push notifications: this one and this one.

Schadde was surprised to hear back not from his friend, but from a total stranger in the US - a person who had also installed the offending hacks. He sent Schadde a screenshot proving that he had, indeed, received the same message that Schadde had sent to his European friend.

Apparently, the hacks - or one of them, at least - install the same iPhone ID on any phone that has been so hacked, resulting in any messages being sent to them by Apple's push services to be also received by other similarly hacked iPhones.

Schadde speculates that the problem is not the fault of AOL (AIM's creator) - representatives of which, in fact, contacted him after a report of the problem first surfaced in CrunchGear.

And although the problem appears only on hacked iPhones, it appears to be rooted in a security flaw in the Apple implementation of the Push notification system, according to Schadde. "There appears to be something hackable in the notification," he said.

Schadde hasn't contacted Apple about the problem - even though, as he says, "I think it's kind of major." After all, he told us, in these days of instant worldwide communication, his discovery is sure to have already been noticed in Cupertino. ®

Security for virtualized datacentres

More from The Register

next story
Same old iPad? NO. The new 'soft SIMs' are BIG NEWS
AppleSIM 'ware to allow quick switch of carriers
Arab States make play for greater government control of the internet
Nerds told to get lost in last-minute power grab bid at UN meeting
Brits: Google, can you scrape 60k pages from web, pleeease
Hey, c'mon Choc Factory, it's our 'right to be forgotten'
Of COURSE Stephen Elop's to blame for Nokia woes, says author
'Google did have some unique propositions for Nokia'
It's even GRIMMER up North after MEGA SKY BROADBAND OUTAGE
By 'eck! Eccles cake production thrown into jeopardy
Mobile coverage on trains really is pants
You thought it was just *insert your provider here*, but now we have numbers
Don't mess with Texas ('cos it's getting Google Fiber and you're not)
A bit late, but company says 1Gbps Austin network almost ready to compete with AT&T
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.