Newsletters
The Enterprise Security Supersite NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
This ad will display for the next 20 seconds. Please click for more information, or scroll down to pass the ad, or Close Ad.
Home Network Security Viruses & Malware Hackers Security Solutions More Topics...
APC Free White Paper
Optimize your network investment &
Enter to win a Samsung Galaxy Note

www.apc.com
iPad
24/7/365 Network Uptime
Average Rating:
Rate this article:  
Apple Responds to SMS Vulnerability on iPhone
Apple Responds to SMS Vulnerability on iPhone

By Barry Levine
August 20, 2012 12:54PM

Bookmark and Share
The iPhone, in an overuse of elegant minimalism, only shows the SMS sender's name, not the sender's number. This means that a hacker could pretend to be a name in your contacts, or even a generic Mom, and fool an SMS recipient into believing an incoming message. Or, using a bank name, you could be tricked into sending back financial information.
 


There's a vulnerability in how Apple's iPhone handles SMS text messaging that could lead to spoofing or phishing attacks. That's the conclusion of a French security blog, to which Apple responded this weekend.

The technical details were itemized Friday on pod2g's iOS blog. It describes how iOS only displays the phone number of the Reply To field in an SMS text, while most mobile devices show both the Reply To field and the originating number. Devices that process both originating and replying phone numbers can potentially compare them to make sure nothing is amiss.

'Never Trust Any SMS'

Consequently, the iPhone, in an overuse of elegant minimalism, only shows the sender's name, not the sender's number. This means that a hacker could pretend to be a name in your contacts, or even a generic Mom, and fool a recipient into believing an incoming message.

Or, if the sender knew your bank name, you could be tricked into sending back confidential financial information. As pod2g wrote, "never trust any SMS you received on your iPhone at first sight."

In a statement, Apple has suggested that the vulnerability was part and parcel of SMS technology and not particular to the iPhone, and it urged that iPhone users employ its iMessage application instead of SMS.

When using iMessage, the technology giant said, "addresses are verified which protects against these kind of spoofing attacks." The company added that one of SMS' limitations is that "it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they're directed to an unknown Web site or address over SMS."

Rules of Thumb

However, the iMessage protocol only works between Apple iOS devices, so Apple's fix does not cover the gamut -- unless everyone you know only purchases their mobile devices from the maker in Cupertino.

The possible consequences of such trickery could include not only fooling a user into turning over personal data or playing a less-costly but nonetheless embarrassing prank on an unsuspecting iPhone owner. There could also be legal trickery as well, since SMS messages have been used as evidence in court, even though, as the new flurry makes clear, trickery using the technology is not that difficult.

General rules of thumb -- an appropriate term for this thumb-typed medium -- advise that users be wary of any text that is sent from someone not in your contacts. Additionally, one should be suspicious of texts that appear to come from a contact but which are wildly out of context for anything that contact would send. One example: your Mom suggesting you click a link to an unknown site. In fact, be extra wary of any request in a text message to click a link, regardless of the sender.
 

Tell Us What You Think
Comment:

Name:



APC has an established a reputation for solid products that virtually pay for themselves upon installation. Who has time to spend worrying about system downtime? APC makes it easy for you to focus on business growth instead of business downtime with reliable data center systems and IT solutions. Learn more here.


 iPad
1.   iPad Hacker Conviction Overturned
2.   Apple vs. Samsung: Latest News
3.   Office for iPad Pretty, Functional
4.   Office for iPads Talk Boosts Microsoft
5.   Apple Drops iPad 2, Resurrects iPad 4


advertisement
Office for iPad Pretty, Functional
With bells, whistles of desktop version.
Average Rating:
iPad Hacker Conviction Overturned
Prosecutors tried him in wrong state.
Average Rating:
Apple vs. Samsung: Latest News
Experts defend Apple's patent rights.
Average Rating:
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Heartbleed Could Cost Millions, Could Have Been Prevented
Early estimates of Heartbleed’s cost to enterprises are running in the millions. The reason: revoking all the SSL certificates the bug exposed will come at a very hefty price. Some say it all could have been avoided.
 
Michaels Says Nearly 3M Credit, Debit Cards Breached
Arts and crafts retail giant Michaels Stores has confirmed that a data breach at its POS terminals from May 2013 to Jan. 2014 may have exposed nearly 3 million customer credit and debit cards.
 
Google's Street View Software Unravels CAPTCHAs
The latest software Google uses for its Street View cars to read street numbers in images for Google Maps works so well that it also solves CAPTCHAs, those puzzles designed to defeat bots.
 

Enterprise Hardware Spotlight
Vaio Fit 11A Battery Danger Forces Recall by Sony
Using a Sony Vaio Fit 11A laptop? It's time to send it back to Sony. In fact, Sony is encouraging people to stop using the laptop after several reports of its Panasonic battery overheating.
 
Continued Drop in Global PC Shipments Slows
Worldwide shipments of PCs fell during the first three months of the year, but the global slump in PC demand may be easing, with a considerable slowdown from last year's drops.
 
Google Glass Finds a Home in Medical Education, Practice
The innovative headpiece may find its niche in markets where hands-free access to data can be a big advantage. Glass experiments for doctors are already under way, with some promising results.
 

Mobile Technology Spotlight
Review: Siri-Like Cortana Fills Windows Phone Gap
With the new Cortana virtual assistant, Windows catches up with Apple's iOS and Google's Android in a major way, taking some of the best parts of Apple's and Google's virtual assistants, with new tools too.
 
With Galaxy S5, Samsung Proves Less Can Be More
Samsung has produced the most formidable rival yet to the iPhone 5s: the Galaxy S5. The device is the fifth edition of the company's successful line of Galaxy S smartphones, and shows less can be more.
 
Facebook Rolls Out Potentially Intrusive Location-Sharing
Looking for friends? Facebook users in the U.S. will soon be able to see which of their friends are nearby, using a smartphone's GPS. Could be a cool feature in some cases, or way too much information.
 

Navigation
Enterprise Security Today
Home/Top News | Network Security | Viruses & Malware | Hackers | Security Solutions | Mobile Security | Disaster Recovery | Windows Security
Data Security | EST Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters | XML/RSS Feed

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.