Push Notification glitch causing IM misrouting | iLounge News


Push Notification glitch causing IM misrouting

A new problem with Apple’s Push Notification service and hacked iPhones is causing AIM messages to be sent to unknown/random recipients without the user’s knowledge. Till Shadde, CEO of Equinux, discovered the glitch by sending an AIM from his Mac to his iPhone, only to get a response back from an unknown user. According to his Twitter stream, the problem manifests itself when sending a message to a hacked iPhone containing the Push Notification service hack, Shaddde claims that any message sent to a hacked iPhone running the Push hack “seems to be broadcasted to all hacked phones.” Apple is believed to be actively blocking Push Notification service on hacked or unlocked iPhones.

Related Stories



You should re-title this article.  Push notifications for non-hacked iPhones is fine.  This is how bad info is propagated.  And non-techie users start to believe there may be a problem.

At the very least, lead off the story that it only applies to hacked iPhones for push!

Posted by Joel on July 21, 2009 at 2:15 PM (CDT)


Really, what do you expect?

I’m sure the push service works on a system of unique ID’s for each iPhone device being registered with the notification server. I would imagine somewhere along the hacking process there is a single ID being propagated to each iPhone device in the hack code. This would explain the one message to multiple devices issue which will not be an issue for regular users.

That said however, this could mean that there is a potential for a hacker to configure their phone to spoof any number of iPhones and receive the respective iPhones push notification???

Posted by Mark on July 21, 2009 at 3:13 PM (CDT)


@Mark: If the push notifications are using public-key encryption, then the issue is that the jailbroken phones are all using the same key pair; if a hacker has your private key, then yes, they can spoof your iPhone and get your push notifications…but it’s not as simple as just “configuring their phone”.

Posted by ckd on July 22, 2009 at 12:57 PM (CDT)


Although I haven’t looked into the specifics of this particular issue (yet), from what I understand of the Apple activation procedures, the iTunes-iPhone handshake that occurs when you first connect your new device to iTunes issues a public/private key pair that is unique to your device.  Hacked/jailbroken iPhones have not gone through the normal iTunes activation process, since iTunes would naturally refuse to activate them without a valid SIM card and carrier account.

This was the same problem people had getting YouTube to work back in the early days of jailbreaking the first-generation iPhone. Many users of unlocked/jailbroken iPhones discovered that the YouTube app wouldn’t work at all.  The problem is that the iPhone authenticates to YouTube using the certificate/key set that generated during the iTunes activation process.  The workaround in this case was to supply a generic certificate for all of the jailbroken iPhones to access YouTube.  This of course worked without any real consequences since YouTube didn’t really care about the certificates being device-specific.

The also goes back to the question of whether Apple was ever actively blocking push notifications on hacked iPhones, any more than they were actively blocking YouTube two years ago.  If Push Notifications require an Apple-issues certificate, and hacked iPhones don’t actually have the certificate because they weren’t activated by iTunes, then they won’t receive push notifications simply because they’re missing the necessary credentials to communicate with Apple’s push notification servers.

Posted by Jesse Hollington on July 22, 2009 at 1:22 PM (CDT)

Subscribe to iLounge Weekly

Sign up for the iLounge Weekly Newsletter

iLounge is an independent resource for all things iPod, iPhone, iPad, and beyond.
iPod, iPhone, iPad, iTunes, Apple TV, Mac, and the Apple logo are trademarks of Apple Inc.
iLounge is © 2001 - 2018 iLounge, Inc. All Rights Reserved. Terms of Use | Privacy Policy