APPLE has reacted to reports of an SMS spoofer aimed at its devices that run IOS by recommending that users switch to its Imessage alternative instead.
The security flaw was highlighted on Friday in a blog belonging to someone calling themselves Pod2g. The blogger warns readers using IOS to never trust SMS and explains the vulnerability.
"I found a flaw in IOS that I consider to be severe, while it does not involve code execution. I am pretty confident that other security researchers already know about this hole, and I fear some pirates as well," he wrote.
"The flaw exists since the beginning of the implementation of SMS in the Iphone, and is still there in IOS 6 beta 4. Apple: please fix before the final release."
The flaw can let a hacker, called a Pirate here, send someone a message while pretending that their number is something other than what it actually is. This means that they can gain the trust of the recipient and exploit them.
"Pirates could send a message that seems to come from the bank of the receiver asking for some private information, or inviting them to go to a dedicated website. [Phishing]," said Pod2g.
"One could send a spoofed message to your device and use it as a false evidence. Anything you can imagine that could be utilised to manipulate people, letting them trust somebody or some organisation texted them."
It has not replied to us, but in a statement to Engadget Apple suggested that using Imessage would be the best protection for its users, because it treats messages differently.
"Apple takes security very seriously. When using Imessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks," it said.
"One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they're directed to an unknown website or address over SMS." µ
OK Google, how do we create a stable society from this constitutional crisis?
Robo-cars on the rise
790,000 personal messages also leaked in SQL-injection hack
Build delivers fixes for Action Centre and Live Tile interface