Apple has spoke back to the SMS software vulnerability on the iPhone. Last Friday, we wrote about the well-known hacker pod2g discovered an SMS vulnerability in which users can spoof phone numbers. This can seem like SMS messages from your bank, a friend or other trusted party. The response from Apple is quite remarkable: instead of taking the problem in hand, they point an accusing finger at the SMS protocol. Appl
e's solution? Just use iMessage!
But iMessage is a proprietary platform from Apple, which you can communicate only if the interlocutor of an iOS device or Mac. It will be difficult to convince your bank that they should stop sending TAN codes by SMS and that they must move iMessage. Incidentally, the iPhone is not the only device which is susceptible to spoofing, but the iPhone gets from its popularity or the full brunt of
criticism. For now the best solution will not include confidential details (passwords, credit card information) via SMS to exchange as a 'known' asks.
Apple's literal response to Engadget:
Apple takes security very seriously. When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks. One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they’re directed to an unknown website or address over SMS.
Recently, it became clear that the iPhone since the first model is too trusting refers to one of the header fields SMS (User Data Header, UDH), which is responsible for the number used for the response. Since virtually none of the operators, it does not control, it can be arbitrarily changed by the sender. In the normal implementation of the user to see both numbers – and honest from, and this reply-to, but if the iPhone reply-to is shown as the sender's number, which gives excellent opportunities for all sorts of games with fake numbers, phishing, etc.
Frankly, I do not know how this reply-to all bad from other manufacturers, but Apple the reaction was simply delicious. In response, Apple said that it is very serious about security and control address / phone number when you use iMessage instead of SMS. Well, SMS users must accept the challenge described as the inevitable limitation of this outdated technology and keep working with her special care.
If you still have questions regarding Apple solution to iMessage SMS Spoofing , you can either leave us a comment on our Facebook page, Follow us on twitter, add us on your Google+ circle to Keep up to date.