Apple responds to iPhone SMS security vulnerability

The company says the threat of text message spoofing is a limitation of SMS. Oh, really?

More ways for texts to get yucky. CNET

Yesterday I reported on revelations that iPhones may be particularly vulnerable to an SMS spoofing attack. Basically, because of the way iOS handles text headers, a nasty person could manipulate the "reply-to" number to appear to be someone they're not, like a financial institution.

After a hacker revealed the vulnerability earlier this week, Engadget received this response from Apple on the matter:

Apple takes security very seriously. When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks. One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they're directed to an unknown Web site or address over SMS.

I've never written a messaging app that works with SMS before, but it would seem to me that completely passing the buck on to the technology as Apple seems to be doing here, is a cop-out. As hacker pod2g explained in his post on the vulnerability, the text header contains both the actual originating number of a text, and the reply-to text. Making both fields a little more visible would certainly be a start, although it's true that SMS is far from being iron-clad in terms of security.

With that in mind, continue to be vigilant about text messages and careful about how you use them. There are a number of different ways to do your banking these days -- SMS shouldn't be one of them.

I've contacted Apple for comment and will update this post if and when I hear back.

About the author

Crave freelancer Eric Mack is a writer, radio producer, and podcaster based in Taos, N.M., but he lives in Google+. He's also managing editor of Crowdsourcing.org and has written e-books on both Alaska and Android. E-mail Eric.

 

Join the discussion

Conversation powered by Livefyre

Show Comments Hide Comments
Latest Galleries from CNET
Nissan gives new Murano bold style (pictures)
Top great space moments in 2014 (pictures)
This is it: The Audiophiliac's top in-ear headphones of 2014 (pictures)
ZTE's wallet-friendly Grand X (pictures)
Lenovo reprises clever design for the Yoga Tablet 2 (Pictures)
Top-rated reviews of the week (pictures)