Apple kinda responds to the SMS security flaw found in iOS

By , Aug 18, 2012

Yesterday we broke the news that our friend and iOS hacker pod2g had uncovered a major security flaw in the way the iPhone handles SMS. The exploit basically allows anyone to specify a different “reply-to” phone number when sending you a text message. You can easily imagine various scenarios of how this could be used maliciously.

Today, Apple sent a statement that doesn’t necessarily makes us feel better about the exploit found, but which does insist on the fact that iMessage is more secure than standard text messages…

In a statement sent to Engadget, Apple explains:

Apple takes security very seriously. When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks. One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they’re directed to an unknown website or address over SMS.

Apple is basically telling us two things here:

  1. iMessage is safer than SMS
  2. They are not going to do anything about this SMS exploit

Move along, sir. If you expected Apple to take care of this safety concern for you, you’re going to have to rethink your expectations. To be fair though – and noting that I am no SMS expert – it is my understanding that SMS is an international standard that is mostly a carrier responsibility, and I don’t think Apple can do anything about this issue. But again, I’m no SMS/security expert and I might be wrong.

Lesson learned. Do not trust any suspicious text message! But didn’t we already know that?

  • Share:
  • Follow:
  • Kok Hean

    Ermahgerd, Editor in Chief’s post :D

  • Guest

    it is not like Apple to back off at a security flaw. I think the problem maybe not related to Apple, but as you mentioned, Carrier related. And i guess Apple is going to use this to prove to all why they all should use Apple related services, not carrier related ones.

  • http://www.facebook.com/Salar.Aghaei Salar Aghaei

    it is not like Apple to back about at a security flaw. I think the problem maybe not related to Apple, but as you mentioned, Carrier related. And i guess Apple is going to use this to prove to all why they all should use Apple related services, not carrier related ones.

  • http://twitter.com/Max_Kas Max Kaslick

    I agree with Apple. Unfortunately they are putting to much faith in the heard of cattle that is consumers.
    “I’m sueing apple because a prince from Nigeria texted me and I gave him my social sercurity number…”

    • winappleworld

      Nigerian people are fraud !!

  • seyss

    why is it so difficult to just show a little bar below the contact’s name/number with the reply-to address if the sms has it defined… 15-minute work to code it and release it as an update OTA

  • http://www.facebook.com/profile.php?id=100000219232441 Jasen Bartlett

    You can send spoof text to any phone. It is a flaw with SMS as a whole.

  • Sandman619

    If this is an SMS security flaw, then this also affects Android & all other smartphones

    • Bob Jonson

      Good point! What do you think Google will do about when they realize?

    • http://www.facebook.com/profile.php?id=604885391 Richard Borkovec

      In a way, yes it does effect every SMS application, but at the same time, each OS has to write their SMS application to work with SMS/MMS as a whole. It would literally take 10 minutes to code a feature in that would show the sent from as well as reply to number. So yes, it does effect all SMS, but it’s also very fixable.

  • http://www.facebook.com/profile.php?id=100000064009391 Matt Summers

    Why can’t people keep this kinda shit to themselves? They announce it so apple rolls out another update to break our jailbreak. 5 min of fame to announce that they were the one who found it. Whoopty Fuckin Doo Nerds! LoL

    • http://twitter.com/neilsardesai Neil Sardesai

      A spoofed SMS isn’t going to allow a jailbreak >_>

    • http://www.facebook.com/profile.php?id=100002136300838 Michael Hulet

      This was pointed out by famous jailbreak hacker pod2g

      • ali_plus

        And pod2g don’t need 5 minute fame. He already has enough for a lifetime.

  • http://twitter.com/SymasTera Symastera

    Will Apple Fix this SMS Flaw???

    • http://twitter.com/SymasTera Symastera

      and if i dont send messages will it hurt me or my phone?

  • http://www.facebook.com/profile.php?id=728548305 Miras Safadi

    my carrier has a special service that allows you to send anyone SMS and it arrives as a phone number that nobody uses except for the carrier and you can make calls with number AND change your voice

  • http://twitter.com/EnvJones Tupacaveli

    Is this Apple just being to lazy to fix this and send out an update?
    To think about updates, Man they are slow releasing them…
    I totally forgot about iOS6 its way to slow.
    Starting to think Apple is not for me anymore!