Thursday, 21 August 2014

Spamming conquers iMessage system

The iMessage system that was introduced by Apple is a great way to send texts from one apple device to another without ever the paying fees to your mobile carrier. But over the past year, it has evolve into something of a nuisance. The iMessage has been polluted by spam message. It’s a cheap and easy way for luxury goods spammers to get their junk messages front-and-center on your phone.

A year ago, Tom Landesman—who works for security and anti-spam company Cloudmark—had never seen an iMessage spam. But he and his company now say that, thanks to one particularly aggressive campaign from a junk mailer, it accounts for more than 30 percent of all mobile spam messages.


These kinds of spam campaigns come and go. Cloudmark spotted its first one late last year, when the scammers were flogging imitation designer handbags. Lately, the spammers have been pushing deals on knock-off Ray-Ban and Oakley sunglasses.

Apple’s iMessage system spans across the iPad, iPhone, and Apple’s laptop and desktop systems. That fusion of the desktop and mobile world makes it particularly easy for scammers to write a Mac OS script that can send messages to all types of devices just as fast as Apple will allow. “It’s almost like a spammer’s dream,” says Landesman. “With four lines of code, using Apple scripts, you can tell your Mac machine to send message to whoever they want.”


Most of the time, the spammer will need a phone number to deliver the iMessage spam, but if you’ve added your email address to iMessage, the spammers can get you using that address too. (On your phone, you can see which addresses and phone numbers are associated with your iMessage account by visiting: Settings –> Messages –> Send and Receive)


Apple’s desktop client instantly tells you whether or not the number you’ve entered is registered with the iMessage network, so scammers could use this feature to generate a list of verified iMessages users. As an added bonus, iMessage notifies the scammer whether the message they’ve sent out has been read or not.

It’s very easy for spammers to register an iMessage account. All you need is an email address. We’ve seen spam sent from accounts registered to Microsoft’s hotmail.com system and to Chinese webmail providers such as Yeah.net. “In 10 minutes, if you have a whole bunch of accounts, you’d be able to send a huge volume of messages,” Landesman says.

Because the spam is all traveling on Apple’s network, your mobile carrier can’t do anything about it. That makes the clean-up job an Apple problem. Reached Monday, an Apple spokeswoman didn’t have any immediate comment for this story. But the company has taken some steps.


No comments:

Post a Comment