Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
NEWS & INFORMATION FOR TECHNOLOGY PURCHASERS. UPDATED ABOUT A MINUTE AGO.
You are here: Home / Mobile Security / Apple Responds to SMS Vulnerability
Apple Responds to SMS Vulnerability on iPhone
Apple Responds to SMS Vulnerability on iPhone
By Barry Levine / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
AUGUST
20
2012

There's a vulnerability in how Apple's iPhone handles SMS text messaging that could lead to spoofing or phishing attacks. That's the conclusion of a French security blog, to which Apple responded this weekend.

The technical details were itemized Friday on pod2g's iOS blog. It describes how iOS only displays the phone number of the Reply To field in an SMS text, while most Relevant Products/Services devices show both the Reply To field and the originating number. Devices that process both originating and replying phone numbers can potentially compare them to make sure nothing is amiss.

'Never Trust Any SMS'

Consequently, the iPhone, in an overuse of elegant minimalism, only shows the sender's name, not the sender's number. This means that a hacker could pretend to be a name in your contacts, or even a generic Mom, and fool a recipient into believing an incoming message.

Or, if the sender knew your bank name, you could be tricked into sending back confidential financial Relevant Products/Services. As pod2g wrote, "never trust any SMS you received on your iPhone at first sight."

In a statement, Apple has suggested that the vulnerability was part and parcel of SMS technology and not particular to the iPhone, and it urged that iPhone users employ its iMessage application instead of SMS.

When using iMessage, the technology giant said, "addresses are verified which protects against these kind of spoofing attacks." The company added that one of SMS' limitations is that "it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they're directed to an unknown Web site or address over SMS."

Rules of Thumb

However, the iMessage protocol only works between Apple iOS devices, so Apple's fix does not cover the gamut -- unless everyone you know only purchases their mobile devices from the maker in Cupertino.

The possible consequences of such trickery could include not only fooling a user into turning over personal Relevant Products/Services or playing a less-costly but nonetheless embarrassing prank on an unsuspecting iPhone owner. There could also be legal trickery as well, since SMS messages have been used as evidence in court, even though, as the new flurry makes clear, trickery using the technology is not that difficult.

General rules of thumb -- an appropriate term for this thumb-typed medium -- advise that users be wary of any text that is sent from someone not in your contacts. Additionally, one should be suspicious of texts that appear to come from a contact but which are wildly out of context for anything that contact would send. One example: your Mom suggesting you click a link to an unknown site. In fact, be extra wary of any request in a text message to click a link, regardless of the sender.

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
MORE IN MOBILE SECURITY
NEWSFACTOR.COM
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2016 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.