Yesterday, we reported about a dangerous SMS flaw in the iPhone that was first pointed out by the famous iOS hacker pod2g. Basically, someone could theoretically change the reply-to number in the SMS message that you receive, without you even knowing. Furthermore, someone can send a fully spoofed message that shows a completely different number than the one being used.
Pod2g noted that this bug has been here since the original first-generation iPhone and is still present in iOS 6 beta 4. Apple released an official statement on the issue today:
"Apple takes security very seriously. When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks. One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they’re directed to an unknown website or address over SMS."
Apple blames the vulnerability on the SMS protocol and urges us to use iMessage (which is indeed safer) instead. We recommend that you’re always cautious when using SMS and to try and use other methods when sending important or private information.
No comments:
Post a Comment