Broken-Record Podcast Requests Cause iOS Data Overages
Nov 15, 2012 3:59 PM PT
One bug apparently causes the iOS player app to make multiple requests rapidly and close them out quickly; another causes the phone to behave as if it's connected to WiFi even when it's not.
"The patch apparently addresses the problem and, now that the problem has been published, it's just a matter of time before someone else gets hit," Rob Enderle, principal analyst at the Enderle Group, commented. "This is an exploit found after the problem was demonstrated in the wild, so people are being hurt now."
Tracking the Vulnerability
PRX Labs began investigating the issue after getting a report from "This American Life" that its content delivery network charges for October were extremely high. The lab had previously seen a huge spike in traffic on "99% Invisible" and "The Moth" radio shows, but had assumed that was due to the release of Apple's new Podcast app, which was believed to have brought both shows new subscribers. PRX distributes segments from all three shows.
The lab traced the problem to iOS 6.0. Further surveillance showed that the iOS 6.0 player apparently made requests multiple times per second and closed them rapidly. The range of the requests seemed to overlap and, because each request carries some overhead, a single download of an MP3 file uses significantly more bandwidth in iOS 6.0 than it would in iOS 5. In one case, the playback of a single 30-MB episode caused more than 100 MB of data to be transferred.
When a file has completed downloading, it begins downloading again from its beginning, and this continues for as long as a user is streaming the file.
PRX Labs was able to reproduce the issue with several podcasts in the Podcast app using iOS 6.0, but couldn't do so with iOS 5 or iOS 6.0.1.
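The overlapping-request pattern described above can be spotted from the server side by comparing the bytes sent to each client with the distinct bytes that client actually requested. The following is an added example, not code from PRX Labs or this article; the log layout, the sample lines and the 2.0 threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample lines (not real traffic), one partial-content response each:
# client  path  status  bytes_sent  requested_range (inclusive)
SAMPLE_LOG = """\
10.0.0.5 /ep42.mp3 206 400000 0-399999
10.0.0.5 /ep42.mp3 206 400000 100000-499999
10.0.0.5 /ep42.mp3 206 400000 200000-599999
10.0.0.5 /ep42.mp3 206 600000 0-599999
10.0.0.9 /ep42.mp3 206 300000 0-299999
10.0.0.9 /ep42.mp3 206 300000 300000-599999
"""

def unique_bytes(ranges):
    """Size of the union of inclusive byte ranges (overlaps counted once)."""
    total, cur = 0, None
    for start, end in sorted(ranges):
        if cur and start <= cur[1] + 1:      # overlaps or touches the current run
            cur[1] = max(cur[1], end)
        else:                                # gap: close the run, start a new one
            if cur:
                total += cur[1] - cur[0] + 1
            cur = [start, end]
    return total + (cur[1] - cur[0] + 1 if cur else 0)

def amplification_report(log_text, threshold=2.0):
    """Per (client, path): bytes sent vs. distinct bytes requested."""
    sent, ranges = defaultdict(int), defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        client, path, status, nbytes, rng = line.split()
        if status != "206":                  # only range (partial content) responses
            continue
        start, end = (int(x) for x in rng.split("-"))
        sent[(client, path)] += int(nbytes)
        ranges[(client, path)].append((start, end))
    report = {}
    for key, total in sent.items():
        uniq = unique_bytes(ranges[key])
        ratio = total / uniq
        report[key] = {"requests": len(ranges[key]), "sent": total,
                       "unique": uniq, "ratio": round(ratio, 2),
                       "flagged": ratio >= threshold}
    return report

if __name__ == "__main__":
    for key, row in amplification_report(SAMPLE_LOG).items():
        print(key, row)
```

A ratio near 1.0 means each byte was served about once; the 30-MB episode that produced more than 100 MB of transfer would score above 3.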
A PRX Labs spokesperson was not immediately available to provide further details.
Who's to Blame?
Several commenters on the PRX blog described a similar experience. One of them, Marckus Anderson, who describes himself as a sysadmin, said the multiple requests effectively amounted to a distributed denial of service (DDoS) attack on his servers.
However, another responder, Bill Gearhiser, blamed the problem on a bug in the Stitcher podcast app on his iPhone. He has seen Stitcher reset itself in the middle of playing podcasts several times a day.
"The testing shows some kind of loop is created that causes the problem to manifest," Enderle told MacNewsWorld.
"It's just amazing to me to hear about issues with iOS," Julien Blin, directing analyst at Infonetics Research, remarked. "Software is Apple's territory."
However, ".0 products are known for having unique issues, so this isn't unexpected," Enderle said.
Further, "It's one company that's asserting this is a problem, nobody else is saying anything," Carl Howe, research vice president at the Yankee Group, told MacNewsWorld. "It's hard to get traction on this."
Apple's Big Chill
Apple apparently hasn't acknowledged that a problem with its AV Foundation framework in iOS 6.0.0 could be causing data overages, PRX Labs said. However, the release notes for iOS 6.0.1 mention a change related to WiFi, which may be related to this issue.
Acknowledging the problem and informing its customers is "the ethical thing" for Apple to do, "but Apple's practices have resulted in lower costs to it, so I understand why they didn't," Enderle said.
Apple "is not the type of company to acknowledge issues, although this is changing with Apple Maps," Blin told MacNewsWorld. "They should, as Apple is all about maintaining high customer satisfaction rates."
Apple did not respond to our request to comment for this story.