Apple responds to SMS issue with iMessage pitch
Last week, Pod2G uncovered a SMS flaw in iOS that lets someone send a spoofed SMS. In this scenario, the SMS would appear to be from a trusted source, but the response would actually be sent to someone else. Engadget reached out to Apple for comment and received a reply that pitches the advantages of iMessage.
Apple takes security very seriously. When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks. One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they're directed to an unknown website or address over SMS.
We talked with security expert Seth Bromberger, a principal at NCI Security, who provided a list of steps Apple could take to minimize SMS spoofing. Rather than push the benefits of iMessage, Apple should display the originating number as well as check that the sender's number and the recipient number match.
Subscribe to Newsletter
Software Updatesmore updates
- Fantastical 2.1 for iOS adds new snooze, search and notification features
- ExpanDrive 4, more services and faster sync
- Apple adds iTunes Extras to Apple TV
- Spotify updates with new iPhone controls in time for summer BBQs
- iTunes U update will bring course creation and student discussion to iPad app
- Dropbox for iOS update adds new setup and file management options