iPhone OS 3.0 Spam Exploit

2 minute read

The good silly folks over at AppleInsider are reporting on a flaw that might open the iPhone OS 3.0 to mass spam. While there is some truth to their claims, they are also being unnecessarily alarmist and making false claims.

The specifics of this exploit is that when you hacktivate an iPhone (i.e. activate it using Jailbreak), your iPhone will be using a private/public key pair to register with Apple’s PNS (Push Notification Service) that already exists, in other words, it will be using a key that was not generated to your iPhone but that will be common to everyone who hacktivates their iPhone.

As a result, when a notification comes addressed to that key, all of the iPhones in the world that have been hacktivated would in theory receive that message.

Still, at AppleInsider they claim:

Destroying the application security layer of the iPhone does not itself automatically break PNS, but (when combined with an “unofficial activation” required to use it with unofficial service providers) results in the system having no legitimate certificates to use in performing push notifications. Essentially, if the phone is not properly activated as intended through iTunes, the user’s credentials for signing into Apple’s PNS messaging servers (which are generated by the device itself in normal conditions) are broken along with the application security layer.

Whoa, whoa, whoa, little Timmy! Let’s debunk this, shall we?

  1. An unofficial activation (read, hacktivation) is NOT required to use it with unofficial service providers. If an iPhone is already officially activated, the jailbreak will not reactivate it.
  2. Jailbreaking does NOT necessarily mean that you want to use your iPhone with unofficial service providers. Jailbreaking simply allows you to install third-party applications, such that aren’t installed through the regular AppStore.
  3. You need to jailbreak to use the iPhone with an unofficial service provider, but jailbreaking does not have only that purpose. You can for instance jailbreak to run cracked games. Sure, it doesn’t make it any more legitimate or legal, but it is not the same thing.

Finally, I must stress the notion: if you have an officially activated iPhone and if you jailbroke it afterwards, YOU ARE SAFE. Actually, I am not sure about the status of redsn0w right now, but when it was first released the push notifications would not even work for hacktivated iPhones! Still, if you would activate your iPhone normally and then jailbreak it, you would get your push notifications working. In a nutshell, if you have it officially activated, jailbreak will not put you at risk of being spammed.

As for hacktivated iPhones… well, tough luck guys. It seems like you are better off turning of the push notifications if you don’t want to be spammed in a near future.

[via Engadget]