Apple Recommends Users to Abandon SMS to Prevent Spoofing Attacks
Apple responds to reports that its operating system is affected by text message spoofing vulnerability. The company advises customers to choose iMessage service instead, which is generally much more secure. Hackers drew headlines last week when they discovered a hole in iOS that allow cyber criminals to send bogus text messages that appear as if they are sent by someone else.
Like other mobile platforms, text messages in iOS support a number of optional features, such as adding “reply to” header. Since many carriers don’t verify header specification, malicious individuals may manipulate incoming SMS messages and insert fake originating phone number.
iMessage is developed to circumvent common vulnerabilities of SMS (Short Message Service). Apple seems to take securities issues seriously and by using iMessage, addresses can be fully verified and spoofing attacks prevented. Spoofed SMS messages may contain anything from phishing code to simple spam. Vulnerabilities flaunted by SMS are similar to email spoofing, which doesn’t authenticate addresses and names.