If you are a smartphone user — and if you’re reading Digital Trends there’s a pretty good chance you are — then the recent news of a security flaw in Apple iOS that allows for text message spoofing may have spooked you. After all, in the digital age you can never be too careful about communication security. If you missed the drama, let us get you up to speed.
Basically, the hole in Apple’s walled garden allows a malicious (or simply mischievous) user to send a message from any number they choose with the intention of tricking the recipient. It may seem harmless if used as a prank between friends, but in a more serious setting the glitch could have greater consequences than a lover’s spat. The flaw was discovered by French security researcher pod2g, who is urging Apple to repair it before the public release of iOS 6. Engadget reached out for a comment and Apple quickly replied with the following:
“Apple takes security very seriously. When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks. One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they’re directed to an unknown website or address over SMS.”
In other words, a limit to SMS’ basic functionality is not really Apple’s problem to fix. The blame lies on the shoddy security features of text-based messaging. But switching to iMessage is not really a solution, as surely not everyone we know uses an iPhone, and therefore regular text messaging is unavoidable. Regardless of software platform, carrier, or device, numerous services exploit the same fake reply-to address bug discovered by pod2g. But it’s still a great reminder to stay vigilant.
To clarify, I wasn’t trying to say that Apple can’t fix it but rather that they obviously don’t want to. They’d much rather have everyone in the world using iMessage, which won’t happen.
Kinda sounds like they might just want people to use iMessage more.
That's also my understanding. Apple displays the reply-to number and not the sent-from number.
Can it really spoof the “from” number? I thought it could only set a “reply-to” number, which iOS happens to display as the “from” number in the interest of simplicity and not letting you see the entire header. (This is what was reported by pod2g’s iOS blog a few days ago, which as far as I can tell is the original source.)
In other words, Apple *could* fix this by comparing the two pieces of information, letting the user see them both, or warning the user when they don’t match.
RMO,
You said, “In other words, Apple *could* fix this by comparing the two pieces of information, ” which may be true but you are totally forgetting…..
“In other words, a limit to SMS’ basic functionality is not really Apple’s problem to fix. The blame lies on the shoddy security features of text-based messaging. But switching to iMessage is not really a solution, as surely not everyone we know uses an iPhone, and therefore regular text messaging is unavoidable.”
Apple does not own the world and is not required to make every company like AT&T make their stuff great. It focuses on what it can control and fix. Its own software and hardware. So, Apple is saying, buy and use us and we will do our best for you. Use them and you get what you get. Maybe you would prefer a Samsung product. It is plastic and shiny after all. LOL
This isn’t AT&T’s (or any carrier’s) fault. It’s Apple’s based on how iOS handles SMS information, and I stand by my assertion that they could fix it. I was pointing out that I believe the *article*, which you have correctly quoted, is wrong because they do not understand how the vulnerability works. I suggest you refrain from making fun of other people until you understand it, as well. For the original source, which this article completely fails to acknowledge and doesn’t seem to understand, see: http://pod2g-ios.blogspot.com/2012/08/never-trust-sms-ios-text-spoofing.html
(Of course, by “fix,” I really mean not show the “Reply-to” number as indistinguishable from the “From” number, thus letting the user make their own decision; this is an iOS decision. Not all phones do this, so not all share this problem. Clearly this is not an insurmountable issue! Of course, they can’t “fix” SMS.)
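The check proposed in the comments above (compare the two addresses, keep showing the real sender, and warn when a reply would go somewhere else), sketched as an added example that is not code from the article, the commenters or Apple. The field names `originating` and `reply_to`, the simplified normalization rules and the sample numbers are assumptions, and the input is header fields that have already been parsed out of the message.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass
class SenderView:
    display: str        # address shown as the sender of the message
    reply_target: str   # address a reply would actually be sent to
    warn: bool          # True when the two addresses differ

def normalize(addr: str) -> str:
    """Canonical form used for comparison only (simplified, not full E.164)."""
    addr = addr.strip()
    # Alphanumeric sender IDs (e.g. "MyBank") are compared case-insensitively.
    if re.search(r"[A-Za-z]", addr):
        return addr.casefold()
    digits = re.sub(r"[^\d+]", "", addr)   # drop spaces, dashes, parentheses
    if digits.startswith("00"):            # "00" international prefix -> "+"
        digits = "+" + digits[2:]
    return digits

def sender_view(originating: str, reply_to: Optional[str]) -> SenderView:
    """Decide what to display; never let reply_to stand in for the sender."""
    if not reply_to or normalize(reply_to) == normalize(originating):
        return SenderView(originating, originating, False)
    return SenderView(originating, reply_to, True)

# Constructed sample messages as (originating, reply_to) pairs,
# using phone number ranges reserved for fiction.
SAMPLES = [
    ("+33 1 99 00 12 34", None),               # no reply-to present
    ("+33 1 99 00 12 34", "0033199001234"),    # same number, other notation
    ("+33 1 99 00 12 34", "+1 202 555 0100"),  # reply would go elsewhere
    ("MyBank", "+1 202 555 0100"),             # named sender, numeric reply-to
]

def report(samples=SAMPLES):
    return [sender_view(o, r) for o, r in samples]

if __name__ == "__main__":
    for v in report():
        note = f"WARN: replies go to {v.reply_target}" if v.warn else "ok"
        print(f"{v.display:<20} {note}")
```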