Apple Responds to iPhone SMS Spoofing Threat, Suggests You Use iMessage Instead

Posted August 18, 2012 at 5:45pm by iClarified | Please help us and submit a translation by clicking here | 24514 views

Apple has responded to pod2g's discovery of a vulnerability in iOS that allows for spoofing of SMS messages, reports Engadget.

Here is Apple's official statement:

Apple takes security very seriously. When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks. One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they're directed to an unknown website or address over SMS.

While Apple is correct in noting that SMS does allow messages to be sent with a different reply-to address, it neglects to comment on why iOS does not let you see who you actually getting the message from.

Pod2g notes, "In a good implementation of this feature, the receiver would see the original phone number and the reply-to one. On iPhone, when you see the message, it seems to come from the reply-to number, and you loose track of the origin."

Read More

Add Comment
Definitively - August 19, 2012 at 6:06pm
I am moving to WP8, Tim Cook will destroy Apple :(
Thatcher - August 20, 2012 at 9:55am
I fail to see how this message is relevant, the bug which Pod2G found has been present since iOS 1.0.0. You can't blame Tim Cook for this.
Gbone - August 19, 2012 at 1:56am
Why even bing it up ? You can ready my messages not that important As matter of fact all the messages R stupid .. Unless ur a wife or husband cheaters!!!
Bonehead - August 19, 2012 at 5:36pm
Because it's a serious security flaw that should not have been there in the first place, given that Apple has had 5 major iterations of the iPhone firmware released. I won't read your messages because your spelling sucks as much as your duh logic.
Jayzee - August 18, 2012 at 11:29pm
SMS is a bit old school when having iMessage and other messaging options like Whatsapp which not only comes cheaper since it's an internet feature which does not per message, but it also overcomes many limitations SMS has. But Apple should not take this lightly, it is a security flaw no matter what they say, and a very stupid one to fix, as a developer, I don't see any complications in fixing something like this so there is no excuse.
Pedro - August 18, 2012 at 7:00pm
Apple should fix this and not use it as an excuse to use iMessage. Not everyone has an iPhone to use iMessage. That's the most retarded response I've heard from Apple. Fix it please. I love universal SMS over any other substitute.
STFU - August 18, 2012 at 9:03pm
Well if you don't have an iPhone how is apple supposed to fix it?
Quarter - August 18, 2012 at 11:00pm
Thats not even the point of pedro's post. Comprehension much?
STFU - August 19, 2012 at 6:46pm
They are trying to promote their company I think I would be telling people that my product is safer and more people should use A.K.A buy more iPhones.
Brian - August 18, 2012 at 6:06pm
My personal suggestion is that everything we opened an SMS conversation, there'll be some bubble that floats out besides the contact name to show the actual phone number, but the moment we touch the keyboard or scroll through the list, the bubble fades away... This way, there'll still be information with regards to the contact, while not taking up too much screen estate space. While some might suggestion updating the software to screen away spoof messages, I'm worried that the update might also accidentally condemn real legitimate messages as spoof. And I don't agree that iMessages is the way to go. Not all of us have the luxury of accessing 3G wherever we go.
0 More Comments
Follow iClarified