iPhones SMS Flaw Is Really Dangerous, Says AdaptiveMobile
Contradicting the very person who discovered the SMS spoofing bug in the iPhone operating system, security company AdaptiveMobile says the flaw detailed by hacker Pod2g is, in fact, serious.
AdaptiveMobile released a whitepaper today to dispel some of the myths surrounding the recent iPhone SMS vulnerability which could allow scammers to ‘spoof’ the sender of a text message.
Then the company goes to say that “Apple has responded to these claims, acknowledging the weakness, but without any stated intention of remedying the situation,” which is mostly true.
Mostly, because Apple believes “One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone.”
Therefore, the company “urge[s] customers to be extremely careful if they're directed to an unknown website or address over SMS,” it said.
Apple also said to use iMessage instead, because it’s more secure. However, AdaptiveMobile insists that the Cupertino company is not acting in good faith.
It claims this flaw is “not a network problem because the 3GPP specification – which outlines how modern mobile phones and networks operate today – discusses the security implications of this field in all phones and give recommendations on how to avoid malicious use of this.”
Cathal McDaid, security consultant, AdaptiveMobile, said his company tested this issue on Android, Windows Mobile, BlackBerry and Symbian devices, “and most of them simply ignore the ‘reply address’ field or display both the ‘real’ originating address and the reply address as per the specification recommendations.”
“The iPhone, so far, is the only device which does not comply with these security recommendations,” said McDaid, adding that “Apple has left a significant vulnerability in its handsets which could allow consumers to be fooled and hand over personal details to hackers and criminals.”
In an email interview with Softpedia, hacker Pod2g outlined some of the aspects surrounding the SMS spoofing flaw he’d just discovered, including his own take on the matter: “I don't consider SMS spoofing to be that dangerous,” he said.
He'd know. He's one of the famous hackers who jailbreak your iPhone. Also, he never even bothered Apple with this discovery in the first place.
Via: iPhones SMS Flaw Is Really Dangerous, Says AdaptiveMobile