Late last week, several iOS developers were hit with a denial of service attack that used Apple iMessages as the vector. According to a report in The Next Web, Grant Paul (chpawn), iH8sn0w and a half-dozen other developers were flooded with text messages that crashed the iMessages app on iOS.
The person or group behind the attack is not known, but The Next Web believes it originated with a Twitter account that sells UDIDs and provisioning profiles to iOS owners who want to sideload pirated apps. The attacker likely used the OS X Messages app and Applescript to automate the sending of text messages. When the attack was in full swing, the recipient is forced to clear a non-stop stream of notifications and messages.
Unforunately, there is no way for a user to stop an influx of messages destined for their inbox. Once your iMessage ID is known publicly, anyone can send you an iMessage. Because there is no option to block messages from a specific iMessage sender, you are forced to either read every incoming message or turn off iMessages completely.
This problem is compounded in iOS 6 and OS X Mountain Lion as Apple allows you to associate both your phone number and your email address with your iMessage ID. Phone numbers are usually kept private, but an email address can be easy to find with just a bit of Googling. If a malicious person discovers your iMessages email, there is no way to stop him or her from clogging your inbox with messages. Hopefully, Apple reads these reports and develops a way to detect and shut off this bulk spamming before it hits the recipient's devices.
For a user, the best way to avoid this type of attack is to keep your iMessage email and phone number out of the public realm. If possible, use a public email address for your website and a private one for your iMessage ID. If your iMessage email is already out there, you can always disable receiving iMessages to that email address.
On iOS, you can go to Settings > Messages > Send & Receive to change the numbers and email addresses that can receive a message. On OS X, open the Messages app and select "Messages" from the menu. Then select Preferences and click on the Accounts tab. Click on your iMessage ID and make sure your email address is not selected under the "You can be reached for messages at:" heading.
- Key specs
- Type Smartphone
- Operating system iOS
- Screen size 4.7 inches
- Internal memory 16 GB
- Carriers (US) AT&T
- Dimensions 5.44 x 2.64 x 0.28 in
- Weight 5.04 oz
- Released 2015-09-25