iPhone 2.1 Bug Watch: SMS Security and Mail Phishing/Spamming

Reader Karl writes in to let us know his twelve-year-old son discovered a glitch in SMS security:

Being security conscious he turned on the passcode lock and disabled SMS Preview. [...] If a message is received during the passcode entry or while the screen is locked, a generic message of “New Text Message” appears, to prevent viewing of messages without unlocking the phone. [...] If however the phone is placed in emergency call mode, any incoming SMS messages are previewed instead of presented as the generic messages.

Next come two issues concerning the implementation choices Apple made in the iPhone Mobile Mail client. According to Ars Technica, as disclosed by Aviv Raff, the first involves the way Mail truncates URLs for display on the iPhone. If an attacker crafts a malicious URL carefully, the truncation can hide the part of the URL that would give the fake away, making a phishing link more likely to succeed.

The second results from the lack of an option to control whether images are displayed in the full HTML Mobile Mail client. Since images are displayed automatically, spammers can gain confirmation that the email account that received the message is active and ripe for spam attack.
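Both Mail issues can be checked for on the receiving side before a message reaches a handset. The following is an added example, not code from the original post or from Apple: it scans an HTML mail body for images fetched from a remote server and for links whose real host would not be fully visible once the URL is shortened. The middle-ellipsis truncation model, the 30-character width, and all function names and sample addresses are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

DISPLAY_WIDTH = 30  # assumed character budget of the link display, not Apple's figure

def truncate_middle(text, width=DISPLAY_WIDTH):
    """Assumed display model: keep both ends, replace the middle with an ellipsis."""
    if len(text) <= width:
        return text
    keep = width - 1                      # one character is used by the ellipsis
    head = (keep + 1) // 2
    tail = keep - head
    return text[:head] + "\u2026" + text[len(text) - tail:]

def host_hidden_by_truncation(url, width=DISPLAY_WIDTH):
    """True when the URL's real host is not fully visible in the shortened form."""
    host = urlsplit(url).hostname or ""
    return bool(host) and host not in truncate_middle(url, width).lower()

class MailAudit(HTMLParser):
    """Collects remotely loaded images and links with a hidden host."""
    def __init__(self):
        super().__init__()
        self.remote_images = []
        self.hidden_host_links = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "img":
            src = attrs.get("src") or ""
            # cid: and data: images are embedded in the message and cause no fetch
            if urlsplit(src).scheme in ("http", "https") or src.startswith("//"):
                self.remote_images.append(src)
        elif tag == "a":
            href = attrs.get("href") or ""
            if host_hidden_by_truncation(href):
                self.hidden_host_links.append(href)

def audit_html_mail(html_body):
    audit = MailAudit()
    audit.feed(html_body)
    audit.close()
    return {"remote_images": audit.remote_images,
            "hidden_host_links": audit.hidden_host_links}

# Constructed sample message; every address uses the reserved .test TLD.
LONG_LINK = "https://accounts.service.portal.customer.unrelated.test/session"
SAMPLE_HTML = ('<a href="' + LONG_LINK + '">View</a> <a href="https://a.test/help">Help</a>'
               '<img src="https://tracker.test/open.gif?id=12345" width="1" height="1">'
               '<img src="cid:logo@constructed">')

if __name__ == "__main__":
    print(audit_html_mail(SAMPLE_HTML))
```

A mail gateway or filter could use the two lists to strip or proxy remote images and to rewrite flagged links so the full host is shown.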

As always, malicious attacks evolve and propagate at an alarming rate, and while we hope Apple fixes these immediately if not sooner, the onus is ultimately and always on us end users to pay attention and do everything we can to avoid them.


Rene Ritchie


Reader comments

I'm not so worried about my text messages being viewed, but the mail ones worry me. The BB doesn't show images by default. You are asked, just like in Outlook, if you want to display the images.

This is what I was saying the other day... they need to come out with more notification options... to lock things down or turn them on if we wanted to.
I predict that we will see better notification options when...COUGH when Push finally comes out.

There's also this bug that the 2nd reminder for SMS still alerts me even if I had read my SMS already. Don't know why but it happens. I just suddenly hear my phone ring yet there's no SMS there.
