Jailbroken iPhones Send Push Notifications to Random Strangers?
LIKE
TWEET
SHARE
PIN
SHARE
POST
MAIL
MORE
Posted July 21, 2009 at 11:39am by iClarified
Certain jailbroken iPhones may be sending your push notifications to complete strangers, says Till Schadde, founder of Equinux.
According to a Tech Crunch report, Schadde has discovered a bug that sends your AIM messages to random recipients without your knowledge or consent. The problem only seems to occur with jailbroken devices.
Schadde was sending a message from his desktop to his iPhone when he received a message back from a complete stranger. The recipient also forwarded him a screenshot of the notification he received.
On his Twitter feed Schadde posts that, there seems to be a brand new hack that reactivates push with the effect that received msg are broadcasted to strangers
We are looking into this matter and will post more information once it becomes available. If you have experienced this or know of a fix please share it in the comments.
This happens from time to time, yes!
And I guess this is also why I sometimes don't get push notifications ment for me either, cause they're sent off to someone else...right? =/
Ok... I'm having this problem too and it's happening on all of my chatting apps that stay logged in when I don't have the program open.
One thing that is happening to me that I haven't seen anyone really mention is that I'm not actually getting any of my own push notifications and just other peoples... (actually... as I'm writing this I got the first one ever meant just for me)
I'd like to know more about how the identifiers work... It would seem to me that the phone's unique id (IEMI) would be recognized by there server and that's the identifier. I'm probably wrong however... I'm on tmobile and it looks like I sometimes get push notifications for me (mostly never) and I frequently get other peoples notifications. It definitely has to be a problem with "Push Fix" because it's happening across all apps with push notification
If there is one "identifier" that is on 1000 different phones... your push notifications are liable to go ANYWHERE!
I use +IM //That hapenned to me like 10 times, its say xxxxxx@xxx.com and the message. i dont know who's the user of the message i got..
__________________
Iphone 2g Jailbreaked
I'm on a 3g jailbroken iPhone with os 3.0 and push fix installed.
I don't know if my messages have been pushed to other users, but i'm getting random notifications from somebody I don't know.
They only fact I can throw here is that the notifications are always from the same user and come from IM+3
Dev team hackers trying to get jailbroken, alternatively activated phones to work with PNS allegedly made the mistake of adding an existing certificate to "fix" the problem. The hack simply identifies the new jailbroken phone to Apple as another phone that already exists, enabling messages to be sent to the wrong device.
Users who don't jailbreak their iPhone won't experience any problems with messages being broadcast to random other users. But those who tamper with the iPhone's security system will have to figure out how to generate SSL authentication keys appropriately to enable the phone to work with PNS messages correctly.
Russian messages for me... I'm in Italy...
Mine is a first generation edge iphone, jailbroken and hacktivated. I'm pretty sure that is "push-fix" certificates to blame
Dev team hackers trying to get jailbroken, alternatively activated phones to work with PNS allegedly made the mistake of adding an existing certificate to "fix" the problem. The hack simply identifies the new jailbroken phone to Apple as another phone that already exists, enabling messages to be sent to the wrong device.
Users who don't jailbreak their iPhone won't experience any problems with messages being broadcast to random other users. But those who tamper with the iPhone's security system will have to figure out how to generate SSL authentication keys appropriately to enable the phone to work with PNS messages correctly. I copy this from www.apple insider.com
That is a LIE, it only happens in devices with push notification fix that use the public certificates like the ones posted in the Cydia tutorial in this page so it does not happen in all jailbroken phone and it does not happen if you use your own certs for the push notification fix.
It is true, the Push Notifications fix is the cause, this is not a bug, the only way to fix this is if you are officially activated and not using the shared certificates.
I agree, it started happening to me ever since I downloaded Push Fix from Cydia! I'm gonna delete it n c if it stops! I was assuming this was the case, now I'm convinced PushFix is what's causing it!
oz_paulb said 10:37AM on 7-21-2009
The title of the article is VERY misleading/sensationalistic - I thought a true exploit of 'push notification' had been found (until I read - at the very end of the summary -that it only affects jailbroken phones).
Isn't this well known (to the jailbreaking community - the people affected)?
The 'solutions' out there for push notification on jailbreak (as far as I understand) were implemented by grabbing 'push keys'/etc from an authorized phone and then distributing those keys to others.
Many people with these same keys have experienced the problem of getting other people's messages. Presumably it's because these 'keys' are an identifier to Apple, and they are using it to decide where to send messages. If multiple people's phones identify themselves as the same phone, it'll presumably confuse the Apple servers.
If you want 'push' to work, I believe you'll need an officially 'activated' iPhone (or an iPod touch).
I'm a couple of weeks behind on my iPhone 'push notification' news - maybe things have progressed - although I really doubt a solid 'fix' will be released for jailbreak users.
↓↑report
Happened to me to! Got some strange messages from someone i didnt know. I only got the messages on the lockscreen. Once i opened my im there where no messages from the sender...