Crossed messages with AIM Push

Posted Jul 21st 2009 12:17PM by Edwin Aoki
Filed under: AIM, AIM (Free Edition)

Recently, several blogs have posted articles suggesting that they've been able to get push notifications from AIM intended for other people. These articles go on to imply that there's been an "exploit" of AIM or of Apple's push notification system that allows this behavior to occur.

All of us take our members' privacy very seriously, so although we've not heard from any users affected by this problem, we began investigating the issue at once, and we believe that unless you've purposefully hacked your phone, your IMs and push notifications remain safe.

Read on after the jump if you want the gory details.

All of the reports available to us have to do with jailbroken phones. These are phones which have been hacked so they can run non-Apple approved software or get around other limitations imposed by the iPhone's OS. In the past, jailbroken iPhones have not been usable against Apple's push notification system (for AIM or any other push apps), because the jailbreaking process interfered with the way in which an iPhone registers itself with Apple's push notification servers.

It appears that someone has managed to hack this process and create a way in which jailbroken iPhones could register with these services. It's our suspicion that this process has been applied to more than one phone, but each phone was registered with the same identification. If that were the case, it would mean that when Apple sent out a push notification, it would go to more than one device. We don't know the internals of Apple's systems, of course, so we can't be sure that this is the case, but it does seem to match what we're reading.

We have no reports of this happening to non-jailbroken phones, and I continue to believe that AIM messages and push notifications are perfectly safe. Thanks to you, we send millions of notifications a day to AIM users all over the world, and if even a fraction of a percent of those were being misdirected, we'd hear about them.

We're working with Apple to try to nail down these latest reports, and we're also looking at ways that we might be able to detect these cases and block them. In the meantime, if you're feeling especially paranoid, you can always set your notification preferences to only show the name of the sender and not the message itself. Just launch AIM and go to My Info->Preferences->Push Notifications and choose "Brief" or "Sender Only". That way, the contents of your messages won't be exposed in a push notification message.

Thanks for your continued support of AIM. We're listening to all of your feedback and are working hard to try to get as much of it as we can into future versions.

Resources

Most Commented Posts

Most Recent Comments

Blogroll

AOL iPhone Web Apps

About The Team

Hi. I'm Edwin Aoki, and I'm a Technology Fellow at AOL. Contrary to popular belief (and wishful thinking) this doesn't mean I get to sit around and be fed grapes while thinking Deep Thoughts. In fact, I can't remember the last time I had any Deep Thoughts, let alone the last time anyone fed me grapes. But I'm thrilled to be part of the iPhone development effort at AOL, and I hope to provide some perspective on what it is we do here, why we do it, and to hear your thoughts on how we can do it better. You can follow my updates @edwinaoki.

Hi, I'm Christina Wick, Technical Director for the AOL Mac team. My team is responsible for the development and testing of all the desktop Mac applications as well as a bunch of iPhone apps including AIM, AOL Radio, SHOUTcast, touchTXT, and many more. I took over managing the Mac team a little over two years ago when AOL decided to "Get Back on the Mac." Since then, we have released numerous desktop products and iPhone apps. We look forward to bringing more exciting apps to the Mac community. I'm on Twitter, if you would like to follow me - @ChristinaWick.

My name is Lee Givens and I'm the Product Lead for the Mac products at AOL and you can find me on the Mac@AOL blog too. When I'm not at the office, I'm probably in line at the local Apple Store whenever a new iPhone is released (actually, when anything from Apple is released :) I've been at AOL since 2007 and lead product management for Mac and iPhone apps. During my spare time, I collect vintage Macs (and Apple IIs) and root for the Univ. of Maryland Terps. If you would like to follow me, I'm at @MacGivens.

Subscribe

Subscribe to AOL iBlog News & Updates

 Subscribe in a reader


For Feeds by Mail, enter your email address:

© 2007-2009 AOL LLC. All Rights Reserved

Get the behind-the-scenes perspective on the iPhone development at AOL. Learn about new features, and provide feedback and suggestions to the people who build AOL software for the iPhone and iPod touch