Apple Responds To Pod2g’s iPhone SMS Spoofing Exploit


Yesterday, iOS hacker Pod2g highlighted an SMS spoofing exploit in iPhone that allows someone to send a text message but change the reply-to address of the text, as a result of which the recipient would receive a text message from someone trusted, but in actual it wouldn’t be from that person. As the story broke, folks over at Engadget contacted Apple for a response and today, they have received a reply from an Apple representative pointing out that address spoofing is a limitation of the SMS and not the iPhone. In fact, Apple reminds us how secure iMessage really is.

Here’s the reply:

Apple takes security very seriously. When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks. One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they’re directed to an unknown website or address over SMS.

There you go folks! It’s not the iOS, but rather a limitation of SMS itself. Address spoofing can apparently be achieved on any smartphone, OS or a carrier the recipient is using. Frequent texters should definitely think twice before sending sensitive information over SMS.


  • Jon B

    Wait, are you telling me that the government has access to my electronic devices and could’ve had that info since the late 70s? say it isn’t so!!

  • Cshudson

    Has anyone verified this? Remember these are the same guys that said there was nothing wrong with the iPhone 4 antenna too. Reality distortion field is company wide policy 🙂

  • gogoboy

    It’s true, not just iPhone. Android, Windows Mobile, RIM bb…all with a same flaw. Surprise me is why the ‘no so secret flaw’ only being notice?