Here’s Why Your iMessage Spam Runneth Over

In the two years since Apple birthed iMessages, the texting system has been a revelation for iPhone and Mac users. Few could dispute the convenience of being able to text other Apple users without relying on carriers (or even phones, for that matter). Unfortunately, that promised land of SMS couldn’t remain unspoiled forever.

The system started showing a few cracks, the latest of which is best summarized by one word: spam.

Cloudmark security researcher Tom Landesman told Wired that there’s one super-spamming operation largely responsible for littering the Apple landscape, though neither he nor his company seems to know who the party or parties responsible for this assault on our iPhones may be.

What he can say is that this prolific junk mail operation has sent so much SMS detritus, iMessage now accounts for more than 30% of all mobile message spam. 

How Apple Inadvertently Helped The iSpammers

One of iMesssages’ handiest features is its ability to work across iPhones, iPads, iPod Touches and Mac computers. Turns out, that’s also the wide-open door that lets in these garbage texts. “With four lines of code, using Apple scripts, you can tell your Mac machine to send message to whoever they want,” Landesman said.

With that, Apple gadgets are quickly becoming gateways into a seedy world of cheap sunglasses, knock-off designer handbags and grey market mail-order pharmaceuticals. 


Yes, that is a screenshot of my actual phone. And yes, I did actually try to ask the spammer for an interview—even though I know full well it’s likely a bot. #journalism

In the past, phone spammers could only robo-text cell numbers, but thanks to iMessage working over email addresses—used primarily by iPad and Mac users—they have another way in to do their dirty work. Even worse, Apple unwittingly made this easy for them.


Yikes! You can tell whether someone’s an iMessage user by just typing in their email or phone number into the Mac desktop program.

Convenience features for users become effective weapons in the hands of spammers. Type a number or email into the Mac’s iMessage application, and it will tell you whether it’s registered in iMessage or not. Now, with automation, just multiply that by the hundreds or even thousands. The system can even send back a “read receipt,” letting the senders know when you’ve looked at their junk mail.

And pinning down those creeps won’t be easy. Anyone can register on iMessage using any type of email account, whether one or hundreds of them.

The Carriers Must Be Laughing

Phone spam used to be a huge problem for cellular carriers. But they must be chuckling now, considering iMessage was designed to bypass their networks (and money-grubbing control).

So with this, they can gleefully watch the shenanigans on the sidelines. This spate of iMessage junk has landed like a thud in Apple’s court.

The iPhone maker hasn’t completely buried its head in the sand, though its efforts have been fairly meager. Landesman pointed out the company’s “rate-limiting” policy, a sort of frequency limit to block machine-gun iMessages, and a user-reporting process requiring people to email screenshots of the junk message and any sender contact details.

That likely will do little to stave off the iSpam, which will only get worse over time. Apple will need more than a few half-hearted attempts, if it wants to head off these trash artists. 

The iOS -OS X messaging service has been suffering several dings lately. Last spring, the headlines zeroed in on a widespread bug that revealed how the system held up texts between current and former iMessage users. 

Neither Apple nor Cloudmark’s Tom Handesman responded to requests for comment on this story.

Images by Adriana Lee for ReadWrite

Facebook Comments

New

Rising

Popular