Last week, infamous iOS hacker pod2g released a report regarding a new security flaw he discovered in Apple’s mobile software. The exploit allows for SMS spoofing, and could be used for malicious purposes.

The following day, Apple issued a statement on the texting bug, saying that it was a problem that all manufacturers had to deal with. But according to a new report, that may not be the case…

InformationWeek passes along a report by security firm AdaptiveMobile:

“A flaw discovered recently in Apple’s iPhone could allow nefarious people to hack SMS messages. according to AdaptiveMobile, the iPhone stands alone with this security hole. AdaptiveMobile tested the exploit in the iPhone and compared it to Android, BlackBerry, Symbian, and Windows Mobile. All the other platforms remained secure in their treatment of SMS messages.”

This certainly seems to match up with what pod2g said in his original blog post. But the media, along with the help of Apple, have continued to assume that this is an SMS problem, not an iPhone problem.

The problem with that is, there’s no indication that Apple is working on any sort of fix here. And at the moment they’re just recommending that iPhone users send texts through iMessages instead of SMS.

Obviously, Apple could still correct the problem in iOS 6. But considering how crazy the media usually gets over security and privacy issues in mobile, I’m surprised that this hasn’t become a bigger deal.

  • Kok Hean

    What the heck, Apple? If you don’t fix this, people will use this as a reason to ditch the iPhone and switch to an Android. They’d better fix this in iOS 6.

    • Apple already said that they “can’t,” which is a flat out lie.

    • Mahjikk

      You’re just texting the wrong guy. This is obviously a feature, why should they fix it?

  • Who’s dumb enough to respond to this text message? They deserve to have to clean it up and learn from that mistake.

    • Just to be clear, the text message used in this post is not a real text message. It’s a screenshot Cody took to illustrate his post.

    • It’s not that simple. The way it works is someone can use any phone, and make it seem like it’s coming from one of your contacts numbers. You’ll see it only as your contact, not who really sent it. That’s the flaw.

      • How the hell does a fact get down-voted? Wow…

      • Mahjikk


    • Think it as a SMS came from your wife and asking for your bank account number and security code/pass because she forgot. But this SMS actually came from a hacker and will sent all info to him instead of your wife.

      May be you would not reply to such message as you stated, but alot of people would and you will be surprise to know how large that number could be.

      Also, this bug could lead to hack your account on some important websites just like some hacker hacked “Mat Honan” accounts few days ago and wipe out his life work. In that hack, all hacker needed was “Mat Honan” credit card number which he could easily obtain from Honan itself, if he would new about this SMS flaw. He just has to SMS Honan on name of his wife, “honey, what’s your credit card number, I forgot mine at home so I need yours to buy a dress for little girl. come home early”.

      Just some illustrations of how this could be use.
      it’s really fucked up how apple does not want to comment on this but saying imessage is more safer. I am sure average consumer is use SMS as their main messaging system.

      I hope apple could fix it before any large damage has done with someone.

  • The picture you used is hilarious lol.

  • JerseyD

    I don’t understand the flaw. People can mask the number they’re sending from but you know where your reply is going. If it was the other way around I think it’d be more dangerous.

    • They can make it seem like one of your contacts, when it’s some other phone, that’s why it’s so dangerous.

      • JerseyD

        Yea but the reply is going to go to your contact not the person who sent you the message.

      • AFAIK they change the reply to: also so that the big problem.

      • Exactly. They spoof the sending number, but it still replies to the real number, not the spoofed one.

  • Mahjikk

    Phew, Now all I have to do to avoid this nefarious flaw, which is obviously due to an imperfect system of communication that isn’t widely used by anyone anyways, is send an iMessage to all my friends who don’t have an iPhone/Pod/Pad. Thanks for the advice Apple!

  • Major security flaw!

  • Malvin

    Love the theme.. Please email me what it’s called,

  • Sad to hear that!

  • My problem with this is that its been around since the iPhone came out so now that someone pointed it out to everyone its going to actually be used. Pod2g should have just told Apple about it and not post it on his twitter. Well now that its out there at least it’ll push Apple to fix it quickly… oh wait they won’t. Well then we are fucked.