Apple Responds To Pod2g's SMS Spoofing Claim
Apple has responded to a recent post by pod2g on his blog, in which he said he had found a vulnerability in iOS that allows the origin of an SMS text message to be spoofed. He also asked Apple to fix it before the final release of iOS 6. In its response, Apple tells users to be careful when receiving SMS messages, especially if they are directed to a suspicious address or website over SMS. It also points to iMessage, which verifies addresses and so protects against these kinds of spoofing attacks.
Pod2g’s SMS Spoofing Claim
I have included both statements below so that you can understand the severity of the SMS flaw, which I think may affect some of us.
pod2g wrote on his iOS blog:
I mentioned it on Twitter a few days ago, I found a flaw in iOS that I consider to be severe, while it does not involve code execution. I am pretty confident that other security researchers already know about this hole, and I fear some pirates as well. The flaw has existed since the beginning of the implementation of SMS in the iPhone, and is still there in iOS 6 beta 4. Apple: please fix before the final release.…….
Why is it an issue?
- pirates could send a message that seems to come from the bank of the receiver asking for some private information, or inviting them to go to a dedicated website. [Phishing]
- one could send a spoofed message to your device and use it as false evidence.
- anything you can imagine that could be utilized to manipulate people, letting them trust somebody or some organization texted them.
Now you are alerted. Never trust any SMS you received on your iPhone at first sight.
Apple Responds To Pod2g’s SMS Spoofing Claim
We got in touch with an Apple representative and here’s what we were told:
Apple takes security very seriously. When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks. One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they’re directed to an unknown website or address over SMS.