The Inquirer-Home

Apple’s Iphone is hit with SMS spoofer

IOS flaw said to be severe
Mon Aug 20 2012, 16:05
Searching on a smartphone while on-the-go

APPLE has reacted to reports of an SMS spoofer aimed at its devices that run IOS by recommending that users switch to its Imessage alternative instead.

The security flaw was highlighted on Friday in a blog belonging to someone calling themselves Pod2g. The blogger warns readers using IOS to never trust SMS and explains the vulnerability.

"I found a flaw in IOS that I consider to be severe, while it does not involve code execution. I am pretty confident that other security researchers already know about this hole, and I fear some pirates as well," he wrote.

"The flaw exists since the beginning of the implementation of SMS in the Iphone, and is still there in IOS 6 beta 4. Apple: please fix before the final release."

The flaw can let a hacker, called a Pirate here, send someone a message while pretending that their number is something other than what it actually is. This means that they can gain the trust of the recipient and exploit them.

"Pirates could send a message that seems to come from the bank of the receiver asking for some private information, or inviting them to go to a dedicated website. [Phishing]," said Pod2g.

"One could send a spoofed message to your device and use it as a false evidence. Anything you can imagine that could be utilised to manipulate people, letting them trust somebody or some organisation texted them."

It has not replied to us, but in a statement to Engadget Apple suggested that using Imessage would be the best protection for its users, because it treats messages differently.

"Apple takes security very seriously. When using Imessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks," it said.

"One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they're directed to an unknown website or address over SMS." µ


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Existing User
Please fill in the field below to receive your profile link.
Sign-up for the INQBot weekly newsletter
Click here
INQ Poll

Microsoft Windows 10 poll

Which feature of Windows 10 are you most excited about?