He knows already
Steve knows about it already - via his hacked iPhone.
A German developer has discovered that sending an AIM message to someone who has both jailbroken their iPhone and installed a hack that enables it to receive push notifications may result in your message being read by anyone else who has installed the push-enabling hack. Till Schadde, founder of equinux, tells The Reg that he …
The problem is not on an iPhone which is jailbroken in itself, it's a problem with an iPhone that has been 'hacktivated' to allow non-approved SIM cards to work in it (NOT the same thing as jailbreaking!).
My phone is jailbroken but still running on the O2 network with the original SIM card, and push notifications work without any extra hacks. The hacks are only needed to get push notifications working with SIMs from unapproved networks.
Jolyon
...to find the actual weak point here, yet.
The hacks are spoofing the phone's ID. That makes it not a manufacturer problem, but a network provider problem, because the network provider's servers are what pushes messages to each and any phone logged in with that ID.
Considering that spoofing a phone's ID seems to be relatively simple (looks like people have already done it...), it's up to the network providers to work out a solution that more securely identifies the phones checking in. iDon't know, maybe check against a hash made from the ID with the MAC, just to name the first thing that came to my mind.
You may be right, but the fact that you are missing (or knowingly ignoring) is that the threat is highly mitigated by the fact that the phone--stock, as per manufacturer's specs--won't allow the spoofing to take place.
Perhaps this is why Apple is not contacting this "hacker" in a hurry; at the moment, only those who hack their iPhones are at risk, and so it is not Apple's problem.
I will hazard a guess that Apple will in time lock down their infrastructure to eliminate this potential risk, but aren't in a rush to do so; nor to acknowledge a theoretical flaw in their system which can only be manifested by those who already circumvented the licensing rules and security mechanisms of the device.
-dZ.
...and just deactivate all phones with the 'hack' ID.
This isn't even all phones which are unlocked... it's phones that haven't been activated on O2 before they were unlocked, so they never got their unique ID. Since Apple stores generally don't let you leave the store without activating the phone, that's not going to be a huge percentage of phones.
Actually this flaw could be utilised quite easily.
Step 1. Write 'push' app, wait for people to register push on your server.
Step 2. Find a juicy device token
Step 3. Modify your phone to have that token. Install AIM. Wait.
It should be damned near impossible to spoof devices, but it appears to be trivially easy... which means that something is badly wrong, security-wise.