Last week, an iOS security researcher, pod2g, discovered a security flaw in SMS messages that allows the sender of a message to manipulate the reply-to number that is displayed, showing a different number than the one actually sending the message. Apple has released a statement in response to this vulnerability, saying:

[quote]Apple takes security very seriously. When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks. One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they’re directed to an unknown website or address over SMS.[/quote]
This flaw is such a big issue because recipients of such text messages could be tricked into giving out personal information, believing they are talking to a trusted person. Apple is warning against this and cautioning people not to give out personal information over SMS.
According to Apple, the only sure-fire way to avoid this flaw is to use iMessage because addresses are verified, which protects against this sort of manipulation.
Most reports point to the iPhone as the problem here, but the flaw lies in SMS technology itself, not in the iPhone. The iPhone is not the only device vulnerable to this type of attack: all phones that use SMS can be manipulated in the same way, which is why iMessage, with its address verification, is much more secure.