AAPL Stock: 117.81 ( -0.22 )

Printed from

Apple acknowledges SMS spoof issue, blames carriers

updated 10:58 am EDT, Mon August 20, 2012

Promotes iMessage as safer alternative, urges caution

Apple has released an official statement on reports from hacker Pod2g and others that a serious flaw exists in the SMS protocol that allows spoofing of addresses, meaning that users could receive messages (directing them to websites or phone numbers) that aren't from the party they appear to be from. Apple's statement points out that iMessage does not have the same problem.

Although Pod2g's initial reporting of the flaw (which he has said is likely known to malicious groups) suggested that the problem resided in iOS's implementation of SMS, Apple's statement appears to suggest that the problem was known to the company and is inherent in the SMS protocol itself, meaning that the issue could also affect Android, Windows Phone and other platforms, including those used by feature phones.

There are already a number of third-party sites that specifically offer to send SMS messages and hide the real identity of the sender, though they are usually not intended to promote criminal fraud, and work with any carrier, OS or cell phone model.

Apple's statement says that it takes security very seriously, but notes that "one of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they're directed to an unknown website or address over SMS." It also notes that when using iMessage -- which works between iOS devices, or between iOS and Macs running OS X Mountain Lion -- "addresses are verified, which protects against these kinds of spoofing attacks."

The statement is Apple's most direct attack thus far on SMS, the standard for cross-platform texting and a major profit vehicle for carriers. The iPhone maker has promoted iOS 5's iMessage as a superior alternative for a variety of reasons, even though it is limited to iOS and some Mac users thus far. The feature has proven to be a hit with users, who are able to text (including pictures and other media) even internationally over 3G, LTE and Wi-Fi without affecting their carrier's texting limitations or incurring roaming charges. Carriers have been vocally unhappy with iMessage, as they believe it eats into the profits they make from texting.

If the issue is truly a problem in the SMS protocol itself, the flaw is likely to hit non-iOS and feature-phone users the hardest, as there is not yet any equivalent to iMessage on those platforms. Given that spoofed texts could tempt users to click on a malicious website or manipulate users with social-engineering type deceptions, users on iOS and other mobile platforms should treat incoming SMS messages -- particularly those from official-sounding sites like banks, or those that invite the user to respond to a website or address -- with suspicion until more is known about the flaw, or steps are announced to fix the issue.

by MacNN Staff



Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines

Follow us on Facebook


Most Popular


Recent Reviews

Ultimate Ears Megaboom Bluetooth Speaker

Ultimate Ears (now owned by Logitech) has found great success in the marketplace with its "Boom" series of Bluetooth speakers, a mod ...

Kinivo URBN Premium Bluetooth Headphones

We love music, and we're willing to bet that you do, too. If you're like us, you probably spend a good portion of your time wearing ...

Jamstik+ MIDI Controller

For a long time the MIDI world has been dominated by keyboard-inspired controllers. Times are changing however, and we are slowly star ...


Most Commented