Yesterday, iOS hacker Pod2g highlighted an SMS spoofing exploit in iPhone that allows someone to send a text message but change the reply-to address of the text, as a result of which the recipient would receive a text message from someone trusted, but in actual it wouldn’t be from that person. As the story broke, folks over at Engadget contacted Apple for a response and today, they have received a reply from an Apple representative pointing out that address spoofing is a limitation of the SMS and not the iPhone. In fact, Apple reminds us how secure iMessage really is.
Here’s the reply:
Apple takes security very seriously. When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks. One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they’re directed to an unknown website or address over SMS.
There you go folks! It’s not the iOS, but rather a limitation of SMS itself. Address spoofing can apparently be achieved on any smartphone, OS or a carrier the recipient is using. Frequent texters should definitely think twice before sending sensitive information over SMS.