iPhone push hack shoves IMs to complete strangers

A German developer has discovered that sending an AIM message to someone who has both jailbroken their iPhone and installed a hack that enables it to receive push notifications may result in your message being read by anyone else who has installed the push-enabling hack. Till Schadde, founder of equinux, tells The Reg that he …

COMMENTS

This topic is closed for new posts.
  1. Mark 108
    Black Helicopters

    He knows already

    Steve knows about it already - via his hacked iPhone.

  2. Anonymous Coward

    Hmmmm...

    Someone hacked a service from Apple, and the hack has serious flaws. Sounds like Apple's problem alright!

  3. Marvin the Martian
    FAIL

    Why bother Apple with this?

    Kids break their toys and go whine to the provider? Yeah makes sense to me.

  4. Blain Hamon
    Pint

    This just in...

    Hack to make the iPhone not work as it was designed... makes the iPhone not work as it was designed. Film at 11.

  5. Rolf Howarth

    Umm...

    How is this newsworthy? Someone installs some dodgy, non-approved software that rebroadcasts messages sent to it, and it's supposed to be the hardware manufacturer's fault?

  6. James 55
    Alert

    @ people not saying Apple should know

    This is a security risk potentially allowing people to spoof iPhone IDs because they are demonstrably hackable.

  7. Lost in a maze of twisty messages, all alike.

    Re: Rolf, Blain, Marvin, AC etc

    maybe apple users are used to running everything under one uid, but back in the real world you can't normally read someone else's messages without their security details. a mere userID shouldn't hack it.

  8. Jolyon Ralph
    Boffin

    Let's be a bit more accurate here

    The problem is not on an iPhone which is jailbroken in itself, it's a problem with an iPhone that has been 'hacktivated' to allow non-approved SIM cards to work in it (NOT the same thing as jailbreaking!).

    My phone is jailbroken but still running on the O2 network with the original SIM card and push notifications work without any extra hacks. The hacks are only needed to get push notification working with SIMs from unapproved networks.

    Jolyon

  9. Chris iverson

    what whining?

    I didn't see any whining here. It's more "hey look what I found! may want to think twice about this hack". Also not particularly Apple's problem but something that they should investigate to see if it can affect other services.

  10. This post has been deleted by its author

  11. Anonymous Coward

    Wat

    There's some very dodgy logic in this comment thread. "It's OK for hackers to be able to eavesdrop on push notifications because they've hacked their phones." is the message I got. I am disappoint.

  12. jubtastic1

    Heh

    Re Simon Newton

    Nail on the head, and of course when Apple fixes it so that you can't spoof IDs and therefore breaks the push hacks again, the comments will be filled with "That why Apple is evilz" comments.

  13. This post has been deleted by its author

  14. stizzleswick
    FAIL

    And nobody managed...

    ...to find the actual weak point here, yet.

    The hacks are spoofing the phone's ID. That makes it not a manufacturer problem, but a network provider problem, because the network provider's servers are what pushes messages to each and any phone logged in with that ID.

    Considering that spoofing a phone's ID seems to be relatively simple (looks like people have already done it...), it's up to the network providers to work out a solution that more securely identifies the phones checking in. iDon't know, maybe check against a hash made from the ID with the MAC, just to name the first thing that came to my mind.

  15. DZ-Jay

    @Simon Newton

    You may be right, but the fact that you are missing (or knowingly ignoring) is that the threat is highly mitigated by the fact that the phone--stock, as per manufacturer's specs--won't allow the spoofing to take place.

    Perhaps this is why Apple is not contacting this "hacker" in a hurry; at the moment, only those who hack their iPhones are at risk, and so it is not Apple's problem.

    I will hazard a guess that Apple will in time lock down their infrastructure to eliminate this potential risk, but aren't in a rush to do so; nor to acknowledge a theoretical flaw in their system which can only be manifested by those who already circumvented the licensing rules and security mechanisms of the device.

    -dZ.

  16. Tony Hoyle

    Apple could be nasty here..

    ..and just deactivate all phones with the 'hack' ID.

    This isn't even all phones which are unlocked.. it's phones that haven't been activated on O2 before they were unlocked, so they never got their unique ID. Since Apple stores generally don't let you leave the store without activating the phone, that's not going to be a huge percentage of phones.

  17. Tony Hoyle

    @Simon Newton

    Actually this flaw could be utilised quite easily.

    Step 1. Write 'push' app, wait for people to register push on your server.

    Step 2. Find a juicy device token

    Step 3. Modify your phone to have that token. Install AIM. Wait.

    It should be damned near impossible to spoof devices, but it appears to be trivially easy.. which means that something is badly wrong, security-wise.

  18. Anonymous Coward

    Hack it

    So you're telling me that I only need to find out my boss's iPhone's ID and then hack my iPhone to have the same ID then I can secretly receive all the push notifications that my boss gets?

  19. Dave 142

    No

    If you had your boss's ID he'd still have to have hacked his phone too for this to work.
