
Till Schadde, founder of development house Equinux, has discovered an exploit – a broadcast error, really – that sends your AIM messages to random recipients without your knowledge or consent. The problem seems to happen in unlocked/jailbroken iPhones and results in an alert appearing on a recipient’s home screen bearing your message.
Till tested the service by sending an AIM from the OS X desktop using iChat to his iPhone. He then received a reply back from a random recipient. It is clear that this is a Push problem in the message addressing – each iPhone is assigned its own identifier and receives messages from a central server operated by Apple – although this may change.
No information is available on which iPhones this exploit affects.
This centralized system is clearly having trouble with unlocked and jailbroken iPhones. Perhaps something in activation causes the IDs to be crossed? We’ll be talking to Till shortly but until then avoid sending much personal identifying information over AIM, not that you’ve been doing that anyway, right?
As we all know you should not say anything on any networked application that you wouldn’t yell in a crowded room.










just want to test
It looks like I am another victim of random messages arriving on my unlocked/jailbroken iPhone and the messages that were intended for me never coming to me at all. Apple is actively blocking and/or breaking push notifications for unlocked/jailbroken iPhones resulting in the mess that it is. Read more here:
http://gizmodo.com/5313607/apple-may-be-blocking-push-notifications-in-unlocked-iphones
I hope dev-team is able to do something about it.
From reading the jailbreak forums, it was because the “hack” had someone’s credentials in it, which is why it happened.
Push seems kind of random on my 2g, anyways.
Exactly. There’s nothing “hack” about this. To put it simply: if I give you my certificate and you put it on your phone, then of course you’re going to get my messages!
I do have it working fine with ebuddy though, so Apple isn’t blocking it. Just download the pushfix from Cydia.
That can be a problem with jailbroken phones. Some development problem, isn’t it?
This isn’t an exploit at all – just a bug.
Sounds like a bug of some kind in the code and the way the identifiers work. Silly system anyway; easy to break.
From everything I’ve read on this issue, it sounds more likely it’s an AIM problem, not an Apple one.
This isn’t really a bug at all. The push notification mechanism uses a public/private key generated during activation to identify the account. The “hack” used to make push work on these unlocked phones is to copy a key generated from a previously activated phone onto them. Voila, all these phones share the same key, and thus the same push account.
Thank you! I can’t believe that NONE of the places pushing this story have figured this out yet!
Bad research, FUD, who knows.
The fix the dev team released for push notifications required files from another iPod touch/iPhone:
youtube-cert.bin
youtube-key.bin
push-cert.bin
push-key.bin
If you know anything about SSL you’ve just worked out how the misdelivered IM thing might work.
The problem with the dev team fix was not everyone had access to another handset or someone with a touch running 3.0. So it was only a matter of time before some enterprising soul released these files on the torrent networks.
[I don't know how the package in Cydia works, but I'd imagine it's the same way]
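The mechanism the comments above describe (one certificate and key copied onto many handsets, so the push service sees them all as one account) can be shown with a small model. This is an added example, not code from the post, the dev team or Apple; the `PushGateway` class, the handset labels, the certificate byte strings and the "newest session wins" routing rule are all assumptions made for illustration.

```python
import hashlib
from collections import defaultdict

def fingerprint(cert_bytes: bytes) -> str:
    """SHA-256 of the client certificate: the only identity this gateway sees."""
    return hashlib.sha256(cert_bytes).hexdigest()

class PushGateway:
    """Hypothetical gateway that addresses handsets by certificate fingerprint."""

    def __init__(self):
        # fingerprint -> handset labels in connection order (labels exist only
        # in this model; a real server would see nothing but the certificate)
        self.sessions = defaultdict(list)

    def connect(self, handset: str, cert_bytes: bytes) -> str:
        fp = fingerprint(cert_bytes)
        self.sessions[fp].append(handset)
        return fp  # the "address" an IM service would push to

    def deliver(self, address: str, message: str) -> tuple:
        # Assumption: the most recent session for an identity receives the push.
        return (self.sessions[address][-1], message)

    def shared_identities(self) -> dict:
        """Defender's check: one certificate presented by more than one handset."""
        return {fp: hs for fp, hs in self.sessions.items() if len(set(hs)) > 1}

def demo():
    # Constructed stand-ins for certificate files, not real key material.
    activated = b"constructed cert issued to this handset at activation"
    copied = b"constructed cert copied from one donor handset"
    gw = PushGateway()
    alice = gw.connect("alice-activated", activated)
    bob = gw.connect("bob-hacktivated", copied)
    carol = gw.connect("carol-hacktivated", copied)
    to_alice = gw.deliver(alice, "hi alice")[0]
    to_bob = gw.deliver(bob, "hi bob")[0]  # lands on carol's handset
    return to_alice, to_bob, bob == carol, gw.shared_identities()

if __name__ == "__main__":
    print(demo())
```

The handset with its own activation certificate is unaffected, while the two handsets presenting the copied certificate resolve to a single address, which is exactly what `shared_identities()` flags.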
Hmm, this could really turn out to be an embarrassment, I doubt too many people heed your last word of advice: “As we all know you should not say anything on any networked application that you wouldn’t yell in a crowded room.”
So, it basically transforms AIM to Twitter.
But it’s not a problem for jailbroken/unlocked iPhones, it’s for hacktivated iPhones. I use an unlocked iPhone 3G, but before the jailbreak I used the original carrier SIM, so I already got my own certificate and don’t use the one that the Dev-Team uses to fix Push Notification problems.
My phone is not unlocked or jailbroken. It’s a 3Gs running 3.0 and I received a random IM last night through BeeJive with a link to www1youtube.com wrapped up as a bit.ly link. Clicking on it took me to the spoof and asked me to verify my age by entering my mobile number. Ridiculous.
Is it possible this isn’t only affecting/exploiting unlocked/jailbroken phones?
I’m having the same issue; mine is not unlocked or jailbroken. Got a random bit.ly link and now my phone has been sending the same randomly to my list. Extremely frustrating and annoying.
All iPhones (Jailbroken or not) will be on the receiving end. If the person sending the IM has a jailbroken phone, this is when the receiving end may become randomized. The message you received about the fake youtube site seems to be from a type of AIM bot that appears to be spamming people. It’s good you didn’t fall for the spoof.
If random people tell you that they’ve received messages from you, this is when I’d start to worry.