Daniel Eran Dilger

Hackers break iPhone push messaging, blame Apple

Prince McLean, AppleInsider

A variety of sources have published a story accusing the iPhone 3.0 software of broadcasting “your AIM [instant] messages to random recipients without your knowledge or consent.” In reality, the problem is created by hackers experimenting with their phones without understanding what they were doing. Without user tampering, the iPhone’s security layer actually prevents this from happening.


  • mr_kitty

    In fairness, the hackers did not blame Apple, the bloggers that reported this problem (with their unlocked iPhones) did.

  • Gwydion

    The problem is not with jailbroken iPhones, the problem is with hacktivated iPhones.

    When you jailbreak your unlocked iPhone or you jailbreak a legally activated iPhone you don’t need to use fake certificates, you use your real certificate in iTunes.

    FUD, this is that article.

  • http://www.roughlydrafted.com danieleran

    I am forbidden from citing false sources of information in AI articles because those sites don’t want to be called out for posting false information.

    Gwydion, I’ll acknowledge that you are angry about the article, but you seem to have missed the point. The problem is, as the headline and leading paragraph clearly present, that hackers supplied their own credentials as part of the hack for other users to use, resulting in everyone getting the same messages. This is NOT APPLE’s FAULT nor a flaw in the iPhone software.

    You can complain all you want about whether you think the concept of “jailbreaking” was maligned, but your complaints about this being FUD are simply wrong and out of line. It is a simple statement of facts about what is happening, and what is being falsely reported. Your crying over the supposed assault you imagine I’m launching on jailbreaking is embarrassing and juvenile. How about joining an adult conversation.

  • Gwydion

    People who blame Apple for that are misinformed or stupid; it’s not Apple’s fault.

    But the case is that involving EFF in a case that doesn’t relate (jailbreaking does not equal illegal phone activation) is also misinforming and embarrassing.

  • http://www.roughlydrafted.com danieleran

    Jailbreaking and unofficial activation are both tampering issues that result in compromised security and problems that the users (and the press) frequently throw back at Apple. The article was about the reports blaming iPhone 3.0 for sending users messages to random recipients. This was wrong for the reasons I outlined.

    Your knee-jerk reaction to launch a personal attack against me over an irrelevant distinction you felt was meaningful is simply wrong.

    However, you did get what you wanted. The article on AI has now been watered down into unreadable drivel that speaks of “alleged problems” and suggests nobody knows why they are happening.

    You win! What’s your next target: global warming, health care, or the “round earth”?

  • http://blog.cytv.com cy_starkman

    : ( Daniel only ever replies to the dodgy comments, I need to be more inflammatory in my comments so I can feel the love.

    As for unlocked phones being the root problem, well that’s not even close to true, because an unlocked iPhone purchased from Apple does not have the problem.

    The problem is cracking the phone to force an unlock and then sharing the crack. It’s age old, like when you crack Adobe software and so have 100,000 other people with the same crack. Problems surface when dealing with the company servers.


    … and cracking is not hacking, this always gets me going. Hacking is used to add or change functionality by stretching a system, you can hack without a line of code and break nothing. Using text boxes and floating images in Word to turn it into a desktop publishing program is a form of hacking.

    Cracking is about breaking things/breaking into a thing; to crack it open. Crackers and Hackers have different motivations.

    After market carrier unlocking is cracking. The jailbreak is cracking too but contains hacking. Applications written under jailbreak that do things like add a network selector drop down, or made video on 2G and 3G iPhones, that is hacking.

    Hackers need to be defending their linguistic turf more.

    So after market unlocked phones aren’t hacked, they are cracked, okay.



  • Tardis

    Daniel, your AI article starts “While a variety of sources …. in reality this exploit affects only users who have hacked their phone and made it vulnerable.”

    Looking at what Til Schadde actually said, I think this should read “While a variety of sources …. in reality this exploit affects only iChat messages sent to users who have hacked their phone and made it vulnerable, meanwhile also sending copies of the message to random legitimate iPhone users.”

    I have not seen enough to know whether these “random strangers” all continue to receive copies of messages sent to a single hacked iPhone, a number of hacked iPhones or that copies of messages are sent to a different random stranger every time.

    The problem is that Till Schadde himself is suspect, since he acknowledges he has friends who have “hacked” iPhones he sends the messages to.

  • Tardis

    Looking at Til Schadde’s Twits again, it appears possible that the quoted part should read:

    “While a variety of sources …. in reality this exploit affects only iChat messages sent to users who have hacked their phone and made it vulnerable. As a result of the hack, a message sent to any hacked iPhone is also sent to all users of iPhones which have been hacked by the same exploit.”

    Does anyone know of a random legitimate user who has received such a message?

    If not, and if a chat message goes to all users because the “hack” has the same user credentials every time, that is surely just what every user of the hack deserves.

  • greendave

    Daniel, what are you doing? You seem to be getting paranoid about anything anti-Apple. First your Brett Arends rant and now you blog a reference to “a variety of sources” publishing “a story” and then unjustly slap down Gwydion.

    There are many, many articles about Apple with factual inaccuracies written from highly uninformed viewpoints (try reading the guardian.co.uk tech column!) – you need to rise above trying to slam them all – like Apple itself does. It just isn’t fun to read blogs that spend their time moaning and complaining about the failings of others – it isn’t big and it isn’t clever.

    Please write something informative and interesting for us – I can form my own judgements on other people’s columns.

  • greendave

    …. such as Betanews reports (via The Loop) that according to market research firm NPD, Apple claimed 91% of the revenue market share for computers costing $1,000 or more in June.

    And follow it up with some research in Apple’s real share of the personal computer market after you take away all the massive corporate PC purchases from the figures.

    Or the estimate that Apple has 20% share of the worldwide mobile phone profits in the last F1/4.

    I found those a bit more interesting than whether ‘a story’ incorrectly implied a fault with the iPhone!

  • d235j.1


    You’ve got it a bit wrong. What actually happened is as follows:
    Push messaging doesn’t work on phones that aren’t officially activated. (A jailbroken or unlocked phone may very well be officially activated though, mine is. [I’m an AT&T customer anyway.]) This is because the initial handshake with Apple, when the certificates necessary for Push to function are copied to the phone, never takes place.
    So, the hackers released a program that allows a user to copy the certificates from one jailbroken phone (officially activated) to another (unofficially activated). This was labeled as a “preliminary workaround,” and absolutely not final in any way. [This was released via Twitter, http://bit.ly/ZwAMM]
    Later, different people took their own certificate (or maybe someone else’s), packaged it with the tool that’s used to copy the certificate back onto the phone, and put it on the major repositories. This is what caused all these problems.

    In any instance, you can have an unlocked and jailbroken phone that works properly without this problem at all … it only becomes a problem when the phone isn’t activated properly.

    Dan, please be more careful next time. I usually enjoy reading your articles, but something of this quality isn’t acceptable by my standards.

  • enzos

    It is called Roughly Drafted, after all.. David(?), and I’m sure Dan doesn’t mind being corrected on the basis of fact (as you seem to have), as opposed to opinion or rhetoric. (my $0.02 worth)
    Gratuitous remarks: I like and value this place because I delight in using Apple products and their stream of ideas, abhor the pernicious influence of M$ and its shills, enjoy a bit of good-natured jousting among grown ups (unlike with AI, etc.!) and (as much as a non geek can) like to keep up to date on gizmo happenings. (another $0.02 worth)

  • d235j.1

    Basically, my point is that the real hackers know what this does, and are not blaming Apple at all. But some who didn’t know as much put the risky, unfinished tools in easy reach, and of course people got burned…and then Apple is blamed.

    This is a great place, though the old articles (and series …will the 404 errors ever be fixed?) are still some of the best anywhere.

    Personally, I use Apple products when I can, and Linux elsewhere. It annoys me that many in the “free software” movement think of Apple as another M$ … sure, I don’t like DRM and don’t think Apple should have interfered with iPod Hash [they do have every right to block the Pre though], but those are just minor issues compared to the bigger picture.


  • Tardis

    So when Wired http://www.wired.com/gadgetlab/2009/07/iphone-encryption/ reports that “Hacker Says iPhone 3GS Encryption Is ‘Useless’ for Businesses” is the “hacker” showing off a real iPhone or a “hacked” iPhone?

  • Joel

    Phones may be unlocked by carriers. Jailbreaking is when you do this counter to the carrier’s intentions.

    I think Dan is trying to pre-empt stories like this one in the trashy El Reg.

    ‘And although the problem appears only on hacked iPhones, it appears to be rooted in a security flaw in the Apple implementation of the Push notification system, according to Schadde. “There appears to be something hackable in the notification,” he said.’

  • Dave

    That “hacker” is very well respected in the security / forensics field. Basically, he’s shown that the encryption the iPhone 3GS uses only prevents someone from physically removing the flash memory chip and reading it out … because the iPhone doesn’t use real filesystem encryption (like PGP’s Whole Disk Encryption or TrueCrypt), a modified loader can be used to dump the whole data partition unencrypted. See http://www.youtube.com/watch?v=5wS3AMbXRLs for a demo.

    When you jailbreak a phone (or device), all you’re doing is getting full read/write access to the whole disk (in the case of the iPhone, flash memory). Unlocking is somewhat more complicated to do without the carrier’s approval (and such unlocking has been declared legal in the United States).
    This isn’t a security flaw at all, rather people who don’t know what they’re doing (wannabe “hackers,” very different from real hackers like Jonathan Zdziarski) make a “push fix” easy to obtain, which then causes this problem.
    Apple could have made their code verify the certificate against the device UDID or serial number, which would prevent this from ever happening … but still, it’s not Apple’s fault.
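The fan-out that d235j.1 describes (one push certificate copied to many phones) and the device-binding check Dave suggests, as an added toy model written for this page; it is not Apple’s push service, the “push fix” tool, or any real API, and the credential ids, UDIDs and the `bind_to_device` check are assumptions:

```python
# Toy model of push routing keyed by the credential a device presents.
# Constructed illustration for this page; not Apple's APNs implementation.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class PushCert:
    cert_id: str                       # identity presented to the push service
    bound_udid: Optional[str] = None   # device the cert was issued to (assumed)


@dataclass
class PushService:
    # credential id -> set of device ids currently registered under it
    registrations: Dict[str, Set[str]] = field(default_factory=dict)
    bind_to_device: bool = False       # the mitigation Dave proposes

    def register(self, cert: PushCert, udid: str) -> bool:
        """Register a device under a credential. With bind_to_device, a cert
        issued to a different device is rejected instead of registered."""
        if self.bind_to_device and cert.bound_udid != udid:
            return False
        self.registrations.setdefault(cert.cert_id, set()).add(udid)
        return True

    def deliver(self, cert_id: str, message: str) -> Dict[str, str]:
        """Return {udid: message} for every device registered under cert_id.
        A credential shared by many phones fans one message out to all of them."""
        return {u: message for u in self.registrations.get(cert_id, ())}

    def shared_credentials(self) -> List[str]:
        """Server-side detection: credentials registered by more than one device."""
        return sorted(c for c, devs in self.registrations.items() if len(devs) > 1)


def shared_cert_scenario() -> Tuple[Dict[str, str], List[str]]:
    # One legitimately activated phone's cert, repackaged and installed on two others
    svc = PushService(bind_to_device=False)
    cert = PushCert("cert-A", bound_udid="udid-orig")
    for udid in ("udid-orig", "udid-copy1", "udid-copy2"):
        svc.register(cert, udid)
    return svc.deliver("cert-A", "hello"), svc.shared_credentials()


def bound_cert_scenario() -> Tuple[List[bool], Dict[str, str]]:
    # Same copies, but the service checks the cert against the presenting device
    svc = PushService(bind_to_device=True)
    cert = PushCert("cert-A", bound_udid="udid-orig")
    results = [svc.register(cert, u) for u in ("udid-orig", "udid-copy1", "udid-copy2")]
    return results, svc.deliver("cert-A", "hello")
```

The unbound service delivers the message to all three devices and flags `cert-A` as shared; the bound service accepts only the original device, so a copied certificate yields no delivery elsewhere.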