Is Apple's iMessage the new favorite tool of spammers worldwide? A widely-quoted recent article written by Wired's Robert McMillan suggests it is, even going so far as to claim that iMessage "is being taken over by spammers."
Largely based on an interview with security analyst Tom Landesman, McMillan states that, thanks of a few enterprising fraudsters who have figured out a way to take advantage of Apple's networks, iMessage accounts for some 30 percent of all mobile spam, and that the company's efforts at stemming the onslaught of unwanted messages are moving too slowly to catch up with the spammers.
But is the problem really that dire? A closer look at the numbers suggests that the iMessage spampocalypse may be a ways off yet.
A very real problem
Let's start with the bad news: iMessage spam is a real thing. Although I haven't personally fallen victim to it, Macworld editors Dan Frakes and Dan Moren have each seen the emoji-laden marketing pitches, as has Daring Fireball's John Gruber. A quick Twitter search turns up a smattering of other reports, which also appear on a number of Apple-related forums.
This is, sadly, hardly a surprise. Like lighting a fire, spamming requires three ingredients: a network that lends itself to abuse, a large list of users, and low cost — all features that iMessage offers in spades.
Sending automated messages from a Mac without any user intervention is a surprisingly easy operation: all it requires is a single line of AppleScript. There are entirely legitimate uses for this feature; for example, I routinely use iMessage on my iMac to send notifications to my iPhone and iPad when our servers at work go down. It's an inexpensive — and very effectiv — way of avoiding having to wake up in the morning to an inbox full of complaints from angry customers who couldn't access our services overnight.
In the wrong hands, however, the ability to indiscriminately send virtually unlimited messages can spell disaster, particularly when you couple it with the fact that, unlike traditional SMS messages, iMessage is completely free. One simply has to build a script capable of reading through a list of numbers and email addresses and then blast out messages to them one by one. And Apple makes this extra easy by conveniently disclosing whether a particular number or address is, in fact, capable of receiving iMessages.
Hold the, uh, phone
That's a far cry, however, from claiming that nearly a third of all mobile spam is generated through iMessage.
We reached out to Cloudmark, the company Mr. Landesman works for. Cloudmark's focus is spam research and prevention — particularly in the mobile world, where the company manages the global spam reporting system run by the GSMA, an industry association with deep ties to the mobile market.
Sign up for CIO Asia eNewsletters.