It has come to light that iPhones may be one of many phones that are very vulnerable to SMS spoofing attacks. The iOS of the iPhone displays the text headers in a certain way which would allow dishonest people to display whatever reply to number they want, such as a phony financial firm or charity.
Earlier this week a hacker revealed the vulnerability. Engadget got a response from apple very soon after on the matter.
“Apple takes security very seriously. When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks. One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they’re direction to an unknown Web site or address over SMS.”
To me this seems to be a very weak response from Apple. Hacker pod2g explained on a post talking about the vulnerability that the header of the text contains both the originating number of the text message as well as the reply to text. From what I know about messaging apps it would make much more sense of Apple to make both text fields visible which would automatically boost security and allow users to see exactly where the message is coming from and allow them to make a decision on if it is spoofed or not.
As always, you should be careful when receiving text messages from numbers you do not know or texts that send you to an outside source. You should also refrain from doing your banking and financials through SMS.
0 comments
Add your comment