Apple says 'stick with iMessage' after SMS security hole exposed
Halt spoofing by only texting other iOS users, Apple says
Apple has issued a statement urging iPhone owners to use only iOS iMessage service after a SMS security flaw was uncovered within iOS.
Late last week a hacker discovered that it was possible to send texts to an iPhone and convince the device and the user that they were from someone else.
The spoofing attack manipulates the 'reply to' address within the header section of the SMS app so the number or contact the user thinks they are replying to could be something different altogether.
Now Apple, after themselves being urged to plug the hole, says iMessage is a safer option as it does what the mobile carriers do not and verifies the address from which the message is sent.
SMS limitations
"Apple takes security very seriously," the statement obtained by Engadget read. "When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks.
"One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they're directed to an unknown website or address over SMS."
Of course, there's one caveat to that. Although iMessage is completely free over Wi-Fi and 3G, it's only available for use between iOS and Mac OS X users.
Get daily insight, inspiration and deals in your inbox
Sign up for breaking news, reviews, opinion, top tech deals, and more.
So, if 50 per cent of your pals are on Android, you're vulnerable to a spoof calamity.
Via: AppleInsider
A technology journalist, writer and videographer of many magazines and websites including T3, Gadget Magazine and TechRadar.com. He specializes in applications for smartphones, tablets and handheld devices, with bylines also at The Guardian, WIRED, Trusted Reviews and Wareable. Chris is also the podcast host for The Liverpool Way. As well as tech and football, Chris is a pop-punk fan and enjoys the art of wrasslin'.