Sunday, August 19, 2012

Apple Responds to iOS SMS Spoofing: 'Use iMessage'

iMessage

Apple appeared to take it on the chin this week, with reports coming out that the SMS messaging service within all versions of iOS (up to the latest iOS 6 beta, version 4) is vulnerable to manipulation by clever attackers.

What does that mean for your typical, iPhone-toting user? In short, an attacker could edit the "reply to" variable found in the hidden header of a text message. And in doing so, users could be spoofed into thinking they've received an important text from their bank or other service and reply with account details, only to send that information to a number that they never realized was the actual recipient.

So, what's been Apple's response to the news? Simple: Just don't use SMS texting.

"Apple takes security very seriously. When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks. One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they're directed to an unknown website or address over SMS," wrote an Apple representative to Engadget's Tim Stevens.

Stevens goes on to note that there are a number of different services that allow attackers to spoof text messages across any carrier or device, so it's worth considering whether you really think you should be tapping links or replying with critical account information as the result of a text.

Additionally, regarding the ability of messages sent across iOS to be spoofed, the issue hasn't been a widespread exploit over the past few years. There's no real need to raise a significant amount of alarm above and beyond just remembering to safeguard your information when a text flies in that asks for it.

It's unclear what steps, if any, Apple plans to take within iOS itself in response to the (now more public) news.

?

For more tech tidbits from David Murphy, follow him on Facebook or Twitter (@thedavidmurphy).

For the top stories in tech, follow us on Twitter at @PCMag.

Source: http://www.pcmag.com/article2/0,2817,2408629,00.asp?kc=PCRSS05039TX1K0000762

lotto winner michael oher jerry lee lewis cesar chavez winning lotto numbers lottery tickets mega lottery

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.