Feeds

iPhone push hack shoves IMs to complete strangers

You talkin' to me?

Next gen security for virtualised datacentres

A German developer has discovered that sending an AIM message to someone who has both jailbroken their iPhone and installed a hack that enables it to receive push notifications may result in your message being read by anyone else who has installed the push-enabling hack.

Till Schadde, founder of equinux, tells The Reg that he sent a message over AIM using iChat on his Mac - with all relevant security settings enabled, such as SSL - to a friend's iPhone. He did know that this iPhone, which was running iPhone Software 3.0, had been jailbroken and that its owner had installed two hacks to enable push notifications: this one and this one.

Schadde was surprised to hear back not from his friend, but from a total stranger in the US - a person who had also installed the offending hacks. He sent Schadde a screenshot proving that he had, indeed, received the same message that Schadde had sent to his European friend.

Apparently, the hacks - or one of them, at least - install the same iPhone ID on any phone that has been so hacked, resulting in any messages being sent to them by Apple's push services to be also received by other similarly hacked iPhones.

Schadde speculates that the problem is not the fault of AOL (AIM's creator) - representatives of which, in fact, contacted him after a report of the problem first surfaced in CrunchGear.

And although the problem appears only on hacked iPhones, it appears to be rooted in a security flaw in the Apple implementation of the Push notification system, according to Schadde. "There appears to be something hackable in the notification," he said.

Schadde hasn't contacted Apple about the problem - even though, as he says, "I think it's kind of major." After all, he told us, in these days of instant worldwide communication, his discovery is sure to have already been noticed in Cupertino. ®

Next gen security for virtualised datacentres

More from The Register

next story
6 Obvious Reasons Why Facebook Will Ban This Article (Thank God)
Clampdown on clickbait ... and El Reg is OK with this
So, Apple won't sell cheap kit? Prepare the iOS garden wall WRECKING BALL
It can throw the low cost race if it looks to the cloud
EE fails to apologise for HUGE T-Mobile outage that hit Brits on Friday
Customer: 'Please change your name to occasionally somewhere'
Time Warner Cable customers SQUEAL as US network goes offline
A rude awakening: North Americans greeted with outage drama
We need less U.S. in our WWW – Euro digital chief Steelie Neelie
EC moves to shift status quo at Internet Governance Forum
BT customers face broadband and landline price hikes
Poor punters won't be affected, telecoms giant claims
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?