Apple responds to SMS vulnerability concerns, suggests using iMessage

Apple responds to SMS vulnerability concerns, suggests using iMessageApple has responded to questions raised by pod2g earlier this week over an SMS vulnerability he discovered in the latest iOS 6 beta 4. The SMS vulnerability could allow someone to abuse the protocol for SMS in order to spoof or send fake text messages. The exploit has been an issue since the incarnation of iOS and is still present in iOS 6 beta 4. Apple issued a statement to The Loop which explains that the problem was not an iPhone specific problem as first thought but down to the SMS protocol used by all phones.

“Apple takes security very seriously. When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks,” an Apple representative told The Loop. “One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they’re directed to an unknown website or address over SMS.”

So there you have it, the problem is not with just the iPhone but it is an SMS problem for every phone. The idea of using iMessage for all messaging on your iPhone sounds like a great one. Unfortunately, from my experience it is not exactly reliable; some messages never reach their destination or the iMessage servers are down when I want to use it. The other problem of course is that if the recipient doesn’t have an iPhone then SMS is your only option.

Source: The Loop

Have something to say about this story? Leave a comment! Need help with something else? Ask in our forums!


UK editor at iMore, mobile technology lover and air conditioning design engineer.

More Posts



← Previously

Best apps to follow NFL football on iPhone

Next up →

SuperTooth Buddy hands free Bluetooth speakerphone for iPhone review

Reader comments

Apple responds to SMS vulnerability concerns, suggests using iMessage


In my country (Hong Kong) everyone who has a smartphone uses Whatsapp messenger to avoid hefty SMS fees, is that this flaw (sender spoofing) only happens with the SMS protocol but not online messaging services like whatsapp?

Trust me, if it were that simple, we'd all be using iMessage. Unfortunately, in the real world we have to deal with Android users who don't have access to iMessage.

The people I need to contact don't have iPhones, so iMessage isn't an option for me. In a perfect world, everyone would have an iPhone. But then, it isn't a perfect world, with Jobs gone.

Many of my friends communicate from their phones via one of the chat protocols (GTalk, other Jabber, AIM, and so on) started as a way to avoid absurd SMS charges, but it is not vulnerable to this type of spoofing, and there are clients on just about every phone platform.

What would you expect them to say?

Common sense will tell you what to do except people without common sense will do what's being told.

What a pompous response! What if the other person doesn't have an iDevice? Sucks bro?

They should have acknowledged that there's an issue and that it would be addressed in time for iOS6. This is the kind of arrogant nonsense that frustrates people with Apple - the inability to admit to fault when pointed out.