Featured Articles

Global smartphone market is set for recovery, says new forecast

ExclusiveUK mobile payment service Paym to close in March 2023

News Mark - December 18, 2022

UK mobile payment service Paym will close on 7th March 2023. The service, which allowed users to make and receive payments using their mobile phone numbers, was launched in 2014.

Qualcomm legal action moves forward in the UK

RSS

1 2 3

Opinion Articles

Opinion

Apple iPhone SMS text spoofing: whose fault is it?

MarkFriday, August 24, 2012

Rate article:

No rating

Rate this article:

No rating

Mark Bridge writes:

Last week, French iOS security researcher pod2g revealed a potential security risk with the Apple iPhone’s handling of SMS text messages.

All text messages can be sent with an optional ‘reply to’ telephone number that’s different from the sender’s number. It’s not a standard option with most mobile phones and is most likely to be used by SMS gateways sending large volumes of promotional or service messages.

The majority of text messages don’t use this feature - and many phones either ignore the extra data or display both numbers - but Apple’s iOS seems to handle it in a potentially risky way. Customers with an iPhone are shown SMS messages that appear to have been sent from the ‘reply to’ number... which isn’t necessarily the actual sender.

Apple responded to tech news site Engadget with a recommendation to use its own Apple-only iMessage service instead. “When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks. One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they’re directed to an unknown website or address over SMS.”

However, mobile security company AdaptiveMobile says blame should be directed at Apple, not at mobile network operators.

Cathal McDaid, a security consultant at AdaptiveMobile, said “Device manufacturers, like all members of the mobile ecosystem should aim to take security seriously and ensure their devices comply with a wide range of standards and technical recommendations. For SMS to remain a trusted, clean channel, companies need to be vigilant that their products both properly conform to standards and don’t inadvertently expose flaws that can compromise their customers.”

“We know conclusively that this is not a network problem because the 3GPP specification - which outlines how modern mobile phones and networks operate today - discusses the security implications of this field in all phones and give recommendations on how to avoid malicious use of this. We have tested this issue on Android, Windows Mobile, BlackBerry and Symbian phones and most of them simply ignore the ‘reply address’ field or display both the ‘real’ originating address and the reply address as per the specification recommendations. The iPhone, so far, is the only device which does not comply with these security recommendations.”

The iPhone’s SMS handling could be used in a number of malicious ways. Criminals could send a message that appears to come from the customer’s bank or credit card company, inviting the users to reply with personal information or submit security information via a fraudulent web site. Alternatively, a spoof message could be used for social engineering to manipulate a customer’s behaviour - perhaps appearing to be from a trusted friend or a colleague.

It’s certainly not inappropriate to highlight Apple’s handling of SMS messages - but it’s also important to realise that spoofed SMS messages could affect other devices as well. Spam email messages often appear to be from legitimate addresses, requiring a combination of common sense and filtering software to determine whether or not they’re genuine. How long before SMS filtering becomes as much of a necessity... or will network operators and handset manufacturers solve the problem first?

Comments

Collapse Expand Comments (0)

You don't have permission to post comments.

Recent Podcasts

ExclusivePodcast - 12th December 2006

Podcasts Mark - December 11, 2006

This week in a double length episode the team provide top tips for 2007, review the W950i and Motorokr 6 plus take a look at the latest news as well as reviewing mobile software Zuma and Flurry.

ExclusivePodcast - 5th December 2006

Podcasts Mark - December 4, 2006

This week the guys review a smart new phone from Emblaze, take a look at Nokias new offerings, provide advice on Christmas mobile related presents and review GP Bikes 3D and Mobiola WebCam software.

ExclusivePodcast - 27th November 2006

Podcasts Mark - November 26, 2006

This week the team ask "What's happening at 3?", review the Samsung Z560 and the T-Mobile Sidekick 3. Plus take a look at Opera Mini v2, Sherlock Holmes game and comment on the latest news stories.

ExclusivePodcast - 20th November 2006

Podcasts Mark - November 19, 2006

This week along side the usual news on the mobile industry the team look at the X-Series from 3, the new chocolate phone from LG, debate the future of mobile advertising and look at an address book backup service from ZYB.com and have a bit of fun with Diner Dash.

ExclusivePodcast - 13th November 2006

Podcasts Mark - November 12, 2006

This week the team debate the launch date and iPod functionality of Apples forthcoming iPhone, review the Sony Ericsson Z558i with touch screen, take a look at the credit card sized P310 from Samsung and some new software that transfers DVDs to your mobile in 2 clicks, plus South Park has come to the mobile in the form of an interactive game.

RSS

First Previous 100 101 102 103 104 105 106 107 108 109 Next

Follow thefonecast.com

Archive Calendar

May 2026

Mon

Tue

Wed

Thu

Fri

Sat

Sun

Search

Featured Articles

ExclusiveOfcom helps protect customers against unexpected roaming charges

ExclusiveGlobal smartphone market is set for recovery, says new forecast

ExclusiveVodafone and Three plan to merge their UK businesses