Avoid SMS iPhone Spoofing, Stick with iMessage

iMessage on iPhone 4S

Source: iMessage on iPhone 4S | Apple

Apple made an official statement last Saturday with regard to the issue that its latest iOS 6 is still vulnerable with SMS spoofing. According to Wikipedia, SMS spoofing is a relatively new technology that replaces the message’s originating mobile number or Sender ID with alphanumeric text.

It is used by businesses to set their company or product name on the message header. However, SMS spoofing has illegitimate use such as impersonating another person, company, or product. Thus, the Cupertino-based company advises that customers should use its more secured iMessage service.

Spoofed messages can include anything from spam to phishing schemes. This SMS vulnerability is the same weakness found in standard email specification, which also does not authenticate the names and address in the header data.

Plugging the iOS Hole

Last Thursday, a hacker made headlines that urge Apple to “plug a hole” in iOS. This issue was also pointed out previously by an independent UK security researcher, hoping that the company would address this SMS vulnerability in iOS 6. The hole is said to allow malicious individuals to send text messages that appear as if they are from someone else.

Similar to other mobile operating systems, iOS SMS messages enable transmission of optional advanced features in the SMS header, which includes the “reply to” address. However, most wireless carriers don’t verify these header specifications, which gives hackers the chance to manipulate SMS messages to iPhone. Because the iPhone can only display the “reply to” address of incoming text messages, there’s no way for users to verify the sender’s identity.

In a statement acquired by Engadget, Apple reminds its customers that iMessage is immune to various SMS vulnerabilities.

Apple takes security seriously. When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks. One of the limitations of SMS is that it allows messengers to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they’re directed to an unknown website or address over SMS.

Apple introduced iMessage in June 2011 as an alternative for SMS messaging. It enables users to send texts, photos, videos, contact information, and group messages over Wi-Fi or 3G to other users of iOS 5-powered devices. This feature can be accessed through the Messages app on an iPhone, iPad, or iPod Touch running on iOS 5 or later. It is also available on Mac running OS X Mountain Lion or later.

Leave a Comment