Till Schadde, founder of development house Equinux, has discovered an exploit – a broadcast error, really – that sends your AIM messages to random recipients without your knowledge or consent. The problem seems to happen in unlocked/jailbroken iPhones and results in a alert appearing on a recipients home screen bearing your message.
Till tested the service by sending an AIM from the OS X desktop using iChat to his iPhone. He then received a reply back from a random recipient. It is clear that this is a Push problem in the message addressing – each iPhone is assigned its own identifier and receives messages from a central server operated by Apple – although this may change.
No information is available on which iPhones this exploit effects.
This centralized system is clearly having trouble with unlocked and jailbroken iPhones. Perhaps something in activation causes the IDs to be crossed? We’ll be talking to Till shortly but until then avoid sending much personal identifying information over AIM, not that you’ve been doing that anyway, right?
As we all know you should not say anything on any networked application that you wouldn’t yell in a crowded room.