The Enterprise Security Supersite NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
Home Network Security Viruses & Malware Cybercrime Security Solutions More Topics...
GET RECOGNIZED
Let an ISACA® certification elevate your career.
Register today and save
You are here: Home / Apple/Mac / Apple Responds to SMS Vulnerability
DDoS Protection Powered By Verisign
Apple Responds to SMS Vulnerability on iPhone
Apple Responds to SMS Vulnerability on iPhone
By Barry Levine / Enterprise Security Today Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
AUGUST
20
2012


There's a vulnerability in how Apple's iPhone handles SMS text messaging that could lead to spoofing or phishing attacks. That's the conclusion of a French security blog, to which Apple responded this weekend.

The technical details were itemized Friday on pod2g's iOS blog. It describes how iOS only displays the phone number of the Reply To field in an SMS text, while most mobile devices show both the Reply To field and the originating number. Devices that process both originating and replying phone numbers can potentially compare them to make sure nothing is amiss.

'Never Trust Any SMS'

Consequently, the iPhone, in an overuse of elegant minimalism, only shows the sender's name, not the sender's number. This means that a hacker could pretend to be a name in your contacts, or even a generic Mom, and fool a recipient into believing an incoming message.

Or, if the sender knew your bank name, you could be tricked into sending back confidential financial information. As pod2g wrote, "never trust any SMS you received on your iPhone at first sight."

In a statement, Apple has suggested that the vulnerability was part and parcel of SMS technology and not particular to the iPhone, and it urged that iPhone users employ its iMessage application instead of SMS.

When using iMessage, the technology giant said, "addresses are verified which protects against these kind of spoofing attacks." The company added that one of SMS' limitations is that "it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they're directed to an unknown Web site or address over SMS."

Rules of Thumb

However, the iMessage protocol only works between Apple iOS devices, so Apple's fix does not cover the gamut -- unless everyone you know only purchases their mobile devices from the maker in Cupertino.

The possible consequences of such trickery could include not only fooling a user into turning over personal data or playing a less-costly but nonetheless embarrassing prank on an unsuspecting iPhone owner. There could also be legal trickery as well, since SMS messages have been used as evidence in court, even though, as the new flurry makes clear, trickery using the technology is not that difficult.

General rules of thumb -- an appropriate term for this thumb-typed medium -- advise that users be wary of any text that is sent from someone not in your contacts. Additionally, one should be suspicious of texts that appear to come from a contact but which are wildly out of context for anything that contact would send. One example: your Mom suggesting you click a link to an unknown site. In fact, be extra wary of any request in a text message to click a link, regardless of the sender.

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY BE OF INTEREST
Salesforce.com is the market and technology leader in Software-as-a-Service. Its award-winning CRM solution helps 82,400 customers worldwide manage and share business information over the Internet. Experience CRM success. Click here for a FREE 30-day trial.
MORE IN APPLE/MAC
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Who Is the Hacker Group Lizard Squad?
Are they dangerous or just obnoxious? That’s what many are wondering about the hacker group Lizard Squad, which tweeted out a bomb threat that grounded a flight with a Sony exec aboard.
 
Are Government Spies Tipping Off Tor?
Less than a month ago, tech news headlines heralded a Tor Project breach. Now, some are saying that government spies are sharing information with Tor to help it prevent future breaches.
 
Backoff Malware Hits 1,000+ Businesses, Likely More
More than 1,000 businesses across the U.S. might have been affected by Backoff, a new kind of point-of-sale (PoS) malware, according to the Department of Homeland Security.
 

Enterprise Hardware Spotlight
Apple Set To Release Largest iPad Ever
Tech giant Apple seems to have adopted the mantra “go big or go home.” The company is planning to introduce its largest iPad ever: a 12.9-inch behemoth that will dwarf its largest existing models.
 
Alert: HP Recalls 5 Million Notebook AC Power Cords
HP is recalling about 5.6 million notebook computer AC power cords in the U.S. and another 446,700 in Canada because of possible overheating, which can pose a fire and burn hazard.
 
Acer's New Desktop Box Rides the Chrome OS Wave
Filling out its Chrome OS line, Acer is following the introduction of a larger Chromebook line earlier this month with a new tiny $180 desktop Chromebox and also a smaller Chromebook.
 

Mobile Technology Spotlight
Apple Set To Release Largest iPad Ever
Tech giant Apple seems to have adopted the mantra “go big or go home.” The company is planning to introduce its largest iPad ever: a 12.9-inch behemoth that will dwarf its largest existing models.
 
Verizon Hops on the Voice-Over-LTE Bandwagon
Wireless provider Verizon is gearing up for a nationwide launch of its Voice-over-LTE service over the next several weeks, promising clearer and crisper phone calls and a Skype-like video service.
 
Smartphone 'Kill Switch' Law in California; Will Other States Follow?
California’s new law -- signed by Gov. Jerry Brown on Monday -- aimed at deterring cellphone theft could mean most mobile phones sold in the U.S. will soon include similar “kill-switch” tech.
 

Navigation
Enterprise Security Today
Home/Top News | Network Security | Viruses & Malware | Cybercrime | Security Solutions | Mobile Security | Disaster Recovery | Windows Security
Data Security | EST Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.