If you are a smartphone user — and if you’re reading Digital Trends there’s a pretty good chance you are — then the recent news of a security flaw in Apple iOS that allows for text message spoofing may have spooked you. After all, in the digital age you can never be too careful about communication security. If you missed the drama, let us get you up to speed.
Basically, the hole in Apple’s walled garden allows for a malicious (or simply mischievous) user to send a message from any number they choose with the intention of tricking the recipient. It may seem harmless if used as a prank between friends, but in a more serious setting the glitch could have greater consequences than a lover’s spat. The flaw was discovered by French security researcher Pod2G, who is urging Apple to repair it before the public release of iOS 6. Engadget reached out for a comment and Apple quickly replied with the following:
“Apple takes security very seriously. When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks. One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they’re directed to an unknown website or address over SMS.”
In other words, a limit to SMS’ basic functionality is not really Apple’s problem to fix. The blame lies on the shoddy security features of text-based messaging. But switching to iMessage is not really a solution, as surely not everyone we know uses an iPhone, and therefore regular text messaging is unavoidable. Regardless of which software platform, carrier, or device, there are numerous services that exploit the same fake reply-to address bug discovered by Pod2G. But it’s still a great reminder to stay vigilant.