AIM Messages Sent to Unlocked iPhones Routed to Unintended Recipients

CrunchGear reports that developer Till Schadde has discovered a security flaw that allows AIM instant messages sent to certain unlocked and jailbroken iPhones to be misrouted to unintended recipients.

Till tested the service by sending an AIM from the OS X desktop using iChat to his iPhone. He then received a reply back from a random recipient. It is clear that this is a Push problem in the message addressing - each iPhone is assigned its own identifier and receives messages from a central server operated by Apple - although this may change.

Schadde reports that AOL is investigating the issue, although he suggests that AOL says that the issue is not the result of anything happening in their systems. Initial indications are that the bug appears to be related to a hack being developed to skirt Apple's blocking of Push Notifications to unlocked iPhones, with the hack possibly somehow causing device identifiers to be mis-assigned through Apple's servers. It is not yet clear how widespread the problem is and to how many devices misrouted messages are being sent.