A new security flaw has emerged in Apple’s iMessage service with users in the US being flooded by messages in Chinese. Some iPhone users took to Twitter to share screenshots of their iMessage app showing text messages from unknown numbers with text written in Chinese.
Users have shared information on how their iMessage popped up a notifications saying “Your Apple ID and phone number are now being used for iMessage on a new Mac (or iPhone)”. The only option available to the user is to ‘ignore this notification’, and after you press ‘Ok’ it flooded their iMessage with these unknown messages. The hack was first noticed by a staffer at Mashable, whose Apple ID was hacked this way.
People who have been affected by the hack have been notified by Apple Support that this is not a one off incident, and many people have been reporting it.
A screenshot shared by Twitter user Brandon (@BaeKilla) shows his iMessage full of messages from different unknown numbers starting with a prefix of +86 (which is the international dial code of China). All numbers in the image are sharing the same message content and have been received in a short time span of three-five minutes.
The attack on Apple accounts of users have most likely originated from China and it was likely an attempt to gain user data. Mashable report adds that a Twitter user claims to have resolved the problem by changing the Apple ID password and turning on the two-factor authentication or two-step verification.
Check out tweets below:
Leave it to the Chinese to hack my iMessage account. Your iPhones ain’t safe pic.twitter.com/bw8GGUEcug
— Brandon (@BaeKilla) October 3, 2016
— Anaconda (@Chaunster) October 18, 2016
— John Munn (@john_munn) October 11, 2016
This is not however, the only time Apple accounts have been hacked. Back in 2014, many Hollywood celebrities had their nude and semi-nude images leaked online on a 4chan forum and it was believed the hackers managed to steal them from iCloud accounts.
Apple had also recently discovered a major security flaw in iOS, which would have allowed hackers to install spyware on the device after gaining root access. It was reported in August that Apple iOS 9 had a new zero-day vulnerability called Trident, which could allow the iPhone to be jail-broken, and then used to potentially spy on the users. Apple had then issued a new security update 9.3.5 for iOS users.
It remains to be seen if a similar update will be issued for this Apple iMessage issue. For now all iMessage users, who are worried or have weak passwords (your surname followed by a string of random digits counts as one) should update their passwords, add two factor-authentication as well update security questions.