While a variety of sources have published a story accusing the iPhone 3.0 software of broadcasting instant messages to random iPhones, in reality this exploit affects only users who have hacked their phone and made it vulnerable.
The problem allegedly occurs through AOL Instant Messenger’s push feature in phones that have been jailbroken (allowing the use of unauthorized software) and unlocked (allowing the phone to be used on a non-approved carrier). However, it is not yet clear exactly what causes the issue, though Till Schadde, who discovered the exploit, said AOL officials told him the problem is not on their side.
Till discovered the exploit by sending an AIM message to an iPhone using iChat on his Mac OS X desktop. He said his message appeared not only on the iPhone 3G of the intended recipient, but also on the iPhone 3GS of a complete stranger.
But without user tampering, the iPhone’s security layer actually prevents this sort of incident from happening. With the security layer gone, messaging becomes more dicey, it seems.
Apple’s Push Notification Service (PNS) is based on XMPP Publish-Subscribe, an open specification for delivering updated feeds of information using Jabber-style instant messages.
In order to secure the delivery of these messages, Apple uses SSL certificates to securely authenticate the client with the service, similar to how HTTPS websites authenticate themselves to visitors to enable SSL-secured banking, shopping, or other transactions. The iPhone automatically generates itself a private and public key pair, and uses these to register itself with Apple’s PNS servers and secure all of its subsequent transactions. The private key and public certificate work together to act as identifying credentials, like a user name and password.
Without having such a mechanism for authenticated identity in place, the iPhone would be deluged by marketers sending push message spam to users, just as spammers have long targeted email, SMS, and Microsoft’s Windows Messaging popups, none of which included any inherent security in their designs. Apple’s security system prevents users from receiving push message notifications from anyone apart from the system and applications the user explicitly approves.
Related Posts
-
iPhone SMS vulnerability patch expected to be released this weekend
-
O2 MMS Photo Messaging app now available
-
iPhone And Hacking Concerns
It looks like Apple has released a new iPhone 3.1.3 update for iPhone, iPhone 3G, and iPhone 3GS users.
Google will be releasing their Nexus One aka Google phone today. Will Nexus One be an iPhone killer? The answer is no.
No, the falling Apple logo on the Google hompage doesn't have anything to do with Apple Inc. It is there to celebrate the birthday of Sir Isaac Newton.
As I was browsing Google today I noticed a new logo which Google created to honor Sir Isaac Newton.
For me, the best free iPhone app in the Apple App Store would have to be the Dragon Dictation iPhone app. The Dragon Dictation iPhone app allows you to speak in to your iPhone and have your speech converted to text.
Google is working on a new phone, and it’s called the Nexus One. No, Nexus One is not a code name, it’s the real name of the phone that you see in the picture above.
When the holiday season rolls around, people that rarely have a beverage start throwing down the spiked eggnog like it is water.
The much anticipated debut of the iPhone in South Korea finally took place on Saturday and it was a huge hit.
As has been said here and many other places, one can only imagine that Apple was ready to do battle with the Droid and that they were merely waiting for the release of their competitions top product before finalizing their latest version.