updated 01:28 pm EDT, Wed August 20, 2014
AppleScript, multi-platform hooks make spamming easier
Over 30 percent of all mobile spam messages are now being sent through Apple's iMessage system, claims Tom Landesman, a security researcher at Cloudmark. Many of the messages are pushing fake luxury products, such as sunglasses and handbags. Landesman explains that spammers are -- or were -- taking advantage of several aspects of Apple's ecosystem. However, Apple has responded to the charge, and said that some countermeasures have been implemented.
The most fundamental is that iMessage is preloaded on every Mac, iPad, iPhone, and iPod touch, and syncs across those devices. Through AppleScript, it becomes possible to make a Mac automate the process of spamming content to thousands of people on multiple platforms, particularly hitting people who have iMessage linked to an email account and not just a phone number.
The Messages Mac app also notifies people whether or not a number is registered with iMessage, so it becomes relatively easy to generate a verified list. Read notifications let spammers check whether an account is active.
An Apple spokeswoman says she doesn't have a comment on the matter, but the company has already adopted some countermeasures in the past year. Rate-limiting prevents spammers from overwhelming the network, and people can email Apple with a screenshot and a spammer's details to get them banned. The company can, however, be relatively slow to enact those bans, taking days.