Sunday, August 19, 2012

Apple says 'stick with iMessage' after SMS security hole exposed


Apple has issued a statement urging iPhone owners to use only iOS iMessage service after a SMS security flaw was uncovered within iOS.



Late last week a hacker discovered that it was possible to send texts to an iPhone and convince the device and the user that they were from someone else.

The spoofing attack manipulates the 'reply to' address within the header section of the SMS app so the number or contact the user thinks they are replying to could be something different altogether.

Now Apple, after themselves being urged to plug the hole, says iMessage is a safer option as it does what the mobile carriers do not as verifies the address from which the message is sent.

SMS limitations

"Apple takes security very seriously," the statement obtained by Engadget read. "When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks.

"One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they're directed to an unknown website or address over SMS."
Of course, there's one caveat to that. Although iMessage is completely free over Wi-Fi and 3G, it's only available for use between iOS and Mac OS X users.

So, if 50 per cent of your pals are on Android, you're vulnerable to a spoof calamity.

0 comments:

Post a Comment