Yesterday we told you that Pod2G discovered a severe flaw in iOS that relates to sending and receiving SMS messages. Essentially this flaw allows for SMS spoofing, meaning it is possible for an individual to send you a text message and specify a reply-to number that is not their own, appearing as if they are someone else.
The folks over at Engadget were a little bit concerned over this and thought you should be as well, and as such they have got in touch with an Apple representative. This Apple representative gave them the following statement:
Apple takes security very seriously. When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks. One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they’re directed to an unknown website or address over SMS.
So, Apple suggests that you use iMessage whenever possible, which in some cases is realistic and in some cases is not helpful at all. What I find interesting is that Apple did not mention whether or not they will be patching this flaw in the upcoming iOS 6 firmware generation. As such it looks like for now your best bet would to just be always diligent when receiving text messages that appear to be out-of-place or fraudulent.
Another thing that Engadget points out is that there are numerous services that let you send text messages appearing to be someone else completely on all smartphones. As such this flaw is not necessarily only present on the iPhone, but on the SMS platform itself. The bottom line is… think twice before handing out personal information over a text message (which you should not be doing anyways).
Andrew says
What I want to know is how to spoof the messages to do some serious pranking:p