Feeds

iPhone push hack shoves IMs to complete strangers

You talkin' to me?

New hybrid storage solutions

A German developer has discovered that sending an AIM message to someone who has both jailbroken their iPhone and installed a hack that enables it to receive push notifications may result in your message being read by anyone else who has installed the push-enabling hack.

Till Schadde, founder of equinux, tells The Reg that he sent a message over AIM using iChat on his Mac - with all relevant security settings enabled, such as SSL - to a friend's iPhone. He did know that this iPhone, which was running iPhone Software 3.0, had been jailbroken and that its owner had installed two hacks to enable push notifications: this one and this one.

Schadde was surprised to hear back not from his friend, but from a total stranger in the US - a person who had also installed the offending hacks. He sent Schadde a screenshot proving that he had, indeed, received the same message that Schadde had sent to his European friend.

Apparently, the hacks - or one of them, at least - install the same iPhone ID on any phone that has been so hacked, resulting in any messages being sent to them by Apple's push services to be also received by other similarly hacked iPhones.

Schadde speculates that the problem is not the fault of AOL (AIM's creator) - representatives of which, in fact, contacted him after a report of the problem first surfaced in CrunchGear.

And although the problem appears only on hacked iPhones, it appears to be rooted in a security flaw in the Apple implementation of the Push notification system, according to Schadde. "There appears to be something hackable in the notification," he said.

Schadde hasn't contacted Apple about the problem - even though, as he says, "I think it's kind of major." After all, he told us, in these days of instant worldwide communication, his discovery is sure to have already been noticed in Cupertino. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Drag queens: Oh, don't be so bitchy, Facebook! Let us use our stage names
Handbags at dawn over free content ad network's ID policy
Blockbuster book lays out the first 20 years of the Smartphone Wars
Symbian's David Wood bares all. Not for the faint hearted
'Serious flaws in the Vertigan report' says broadband boffin
Report 'fails reality test' , is 'simply wrong' and offers ''convenient' justification for FTTN says Rod Tucker
This flashlight app requires: Your contacts list, identity, access to your camera...
Who us, dodgy? Vast majority of mobile apps fail privacy test
Apple Watch will CONQUER smartwatch world – analysts
After Applelocalypse, other wristputers will get stuck in
Shades of Mannesmann: Vodafone should buy T-Mobile US
Biting the bullet would let Blighty-based biz flip the bird at AT&T
Net neutrality fans' joy as '2.3 million email' flood hits US Congress
FCC invites opinions in CSV format, after Slowdown day 'success'
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.