Certain jailbroken iPhones may be sending your push notifications to complete strangers, says Till Schadde, founder of Equinux.
According to a Tech Crunch report, Schadde has discovered a bug that sends your AIM messages to random recipients without your knowledge or consent. The problem only seems to occur with jailbroken devices.
Schadde was sending a message from his desktop to his iPhone when he received a message back from a complete stranger. The recipient also forwarded him a screenshot of the notification he received.
On his Twitter feed Schadde posts that, there seems to be a brand new hack that reactivates push with the effect that received msg are broadcasted to strangers
We are looking into this matter and will post more information once it becomes available. If you have experienced this or know of a fix please share it in the comments.
Apple news, rumors, tutorials, price drop alerts, in your inbox every evening, free.
Unsubscribe at any time.
Success!
You have been subscribed.
Add Comment
Would you like to be notified when someone replies or adds a new comment?
Yes (All Threads)
Yes (This Thread Only)
No
Notifications
Would you like to be notified when we post a new Apple news article or tutorial?
Yes
No
Comments (22)
Comments are closed for this article.
0
Howard - July 22, 2009 at 2:32pm
This happens from time to time, yes!
And I guess this is also why I sometimes don't get push notifications ment for me either, cause they're sent off to someone else...right? =/
0
Push - August 6, 2009 at 5:01pm
Ok... I'm having this problem too and it's happening on all of my chatting apps that stay logged in when I don't have the program open.
One thing that is happening to me that I haven't seen anyone really mention is that I'm not actually getting any of my own push notifications and just other peoples... (actually... as I'm writing this I got the first one ever meant just for me)
I'd like to know more about how the identifiers work... It would seem to me that the phone's unique id (IEMI) would be recognized by there server and that's the identifier. I'm probably wrong however... I'm on tmobile and it looks like I sometimes get push notifications for me (mostly never) and I frequently get other peoples notifications. It definitely has to be a problem with "Push Fix" because it's happening across all apps with push notification
If there is one "identifier" that is on 1000 different phones... your push notifications are liable to go ANYWHERE!
0
Ely - July 22, 2009 at 1:46pm
I had the same problem, does anyone know how to fixed?
0
Diego Ra - July 22, 2009 at 12:29am
I use +IM //That hapenned to me like 10 times, its say xxxxxx@xxx.com and the message. i dont know who's the user of the message i got..
__________________
Iphone 2g Jailbreaked
0
None45 - July 21, 2009 at 8:47pm
Does this affect 3GS phones or only the 2g phones?
0
Sergio del Amo - July 21, 2009 at 8:32pm
I'm on a 3g jailbroken iPhone with os 3.0 and push fix installed.
I don't know if my messages have been pushed to other users, but i'm getting random notifications from somebody I don't know.
They only fact I can throw here is that the notifications are always from the same user and come from IM+3
0
m_thoroughbred - July 22, 2009 at 7:26pm
Dev team hackers trying to get jailbroken, alternatively activated phones to work with PNS allegedly made the mistake of adding an existing certificate to "fix" the problem. The hack simply identifies the new jailbroken phone to Apple as another phone that already exists, enabling messages to be sent to the wrong device.
Users who don't jailbreak their iPhone won't experience any problems with messages being broadcast to random other users. But those who tamper with the iPhone's security system will have to figure out how to generate SSL authentication keys appropriately to enable the phone to work with PNS messages correctly.
0
Oscar - July 21, 2009 at 4:56pm
This has totally happened to me to!!!!
0
jorge silva - July 21, 2009 at 4:52pm
I'm receiving random messages from other user here in portugal. The messages are almost always in russian
0
bb80 - July 21, 2009 at 4:22pm
What about iPod touch users?
0
Brk - July 21, 2009 at 3:39pm
Russian messages for me... I'm in Italy...
Mine is a first generation edge iphone, jailbroken and hacktivated. I'm pretty sure that is "push-fix" certificates to blame
0
m_thoroughbred - July 22, 2009 at 7:29pm
Dev team hackers trying to get jailbroken, alternatively activated phones to work with PNS allegedly made the mistake of adding an existing certificate to "fix" the problem. The hack simply identifies the new jailbroken phone to Apple as another phone that already exists, enabling messages to be sent to the wrong device.
Users who don't jailbreak their iPhone won't experience any problems with messages being broadcast to random other users. But those who tamper with the iPhone's security system will have to figure out how to generate SSL authentication keys appropriately to enable the phone to work with PNS messages correctly. I copy this from AppleInsider
0
Daniel Goncalves - July 21, 2009 at 2:23pm
That is a lie, it only happens in devices with push notification fix that use the public certificates like the ones posted in the Cydia tutorial in this page so it does not happen in all jailbroken phone and it does not happen if you use your own certs for the push notification fix.
0
m_thoroughbred - July 21, 2009 at 6:32pm
you're telling me that this happens to all devices yet You got your info from a jailbreak tool enough said
0
attnck - July 22, 2009 at 7:54am
It is true, the Push Notifications fix is the cause, this is not a bug, the only way to fix this is if you are officially activated and not using the shared certificates.
0
Adel - July 16, 2010 at 8:08pm
I agree, it started happening to me ever since I downloaded Push Fix from Cydia! I'm gonna delete it n c if it stops! I was assuming this was the case, now I'm convinced PushFix is what's causing it!
0
m_thoroughbred - July 21, 2009 at 1:32pm
oz_paulb said 10:37AM on 7-21-2009
The title of the article is VERY misleading/sensationalistic - I thought a true exploit of 'push notification' had been found (until I read - at the very end of the summary -that it only affects jailbroken phones).
Isn't this well known (to the jailbreaking community - the people affected)?
The 'solutions' out there for push notification on jailbreak (as far as I understand) were implemented by grabbing 'push keys'/etc from an authorized phone and then distributing those keys to others.
Many people with these same keys have experienced the problem of getting other people's messages. Presumably it's because these 'keys' are an identifier to Apple, and they are using it to decide where to send messages. If multiple people's phones identify themselves as the same phone, it'll presumably confuse the Apple servers.
If you want 'push' to work, I believe you'll need an officially 'activated' iPhone (or an iPod touch).
I'm a couple of weeks behind on my iPhone 'push notification' news - maybe things have progressed - although I really doubt a solid 'fix' will be released for jailbreak users.
↓↑report
0
Mellon - July 21, 2009 at 12:53pm
I have been experiencing this. Mostly receiving push notifications in german for some reason even if I my self is located in Sweden.
0
Luke - July 21, 2009 at 1:14pm
Happened to me to! Got some strange messages from someone i didnt know. I only got the messages on the lockscreen. Once i opened my im there where no messages from the sender...
0
simon - July 21, 2009 at 1:15pm
i have the same problem with im+ app.
i receive a lot of text from unknown people in weard language
0
carlos - July 21, 2009 at 1:19pm
this isn´t only in IM+... the problem is with all push notifications...
0
Jawad - July 21, 2009 at 1:46pm
same problem with mine too, this started the day the fix for JB phones got released, hard to believe its been REPORTED now...
![Apple Releases iOS 26.4.1 and iPadOS 26.4.1 With Bug Fixes [Download]](/images/news/100492/100492/100492-160.jpg "Apple Releases iOS 26.4.1 and iPadOS 26.4.1 With Bug Fixes [Download]")
![Apple TV Debuts 'Criminal Record' Season 2 Trailer [Video]](/images/news/100488/100488/100488-160.jpg "Apple TV Debuts 'Criminal Record' Season 2 Trailer [Video]")
![13-inch MacBook Air M5 Drops to $949 in New All-Time Low [Deal]](/images/news/100466/100466/100466-160.jpg "13-inch MacBook Air M5 Drops to $949 in New All-Time Low [Deal]")
