Latest Podcast



Featured Articles

Ofcom helps protect customers against unexpected roaming charges

Ofcom helps protect customers against unexpected roaming charges

UK service providers must notify customers when they connect to a different network

New rules from UK telecoms regulator Ofcom will protect customers when they use their mobile phone on a foreign network. In addition, customers will be alerted if they are inadvertently roaming, perhaps because they're near an international border.
Author: The Fonecast
0 Comments
Article rating: No rating

Global smartphone market is set for recovery, says new forecast

A new forecast from research specialists Canalys shows the smartphone market is set to recover next year. Worldwide shipments declined by 12% last year but that decline is expected to slow to 5% this year.
Author: The Fonecast
0 Comments
Article rating: No rating
Vodafone and Three plan to merge their UK businesses

Vodafone and Three plan to merge their UK businesses

New Hutchison/Vodafone network would be biggest UK operator

Vodafone Group plc and CK Hutchison Group Telecom Holdings Limited have agreed to combine their UK telecommunication businesses, respectively Vodafone UK and Three UK. The merger will create a large new network operator to compete with Virgin Media O2 and EE.
Author: The Fonecast
0 Comments
Article rating: No rating

UK mobile payment service Paym to close in March 2023

UK mobile payment service Paym will close on 7th March 2023. The service, which allowed users to make and receive payments using their mobile phone numbers, was launched in 2014.
Author: The Fonecast
0 Comments
Article rating: No rating
Qualcomm legal action moves forward in the UK

Qualcomm legal action moves forward in the UK

Which? seeks payout for Samsung and Apple smartphone owners

Consumer protection organisation Which? has been given permission by the UK's Competition Appeal Tribunal to represent Apple and Samsung smartphone buyers in a legal case against chip manufacturer Qualcomm.
Author: The Fonecast
0 Comments
Article rating: No rating
RSS

Opinion Articles

Friday, August 24, 2012

Apple iPhone SMS text spoofing: whose fault is it?

Mark Bridge writes:

Last week, French iOS security researcher pod2g revealed a potential security risk with the Apple iPhone’s handling of SMS text messages.

All text messages can be sent with an optional ‘reply to’ telephone number that’s different from the sender’s number. It’s not a standard option with most mobile phones and is most likely to be used by SMS gateways sending large volumes of promotional or service messages.

The majority of text messages don’t use this feature - and many phones either ignore the extra data or display both numbers - but Apple’s iOS seems to handle it in a potentially risky way. Customers with an iPhone are shown SMS messages that appear to have been sent from the ‘reply to’ number... which isn’t necessarily the actual sender.

Apple responded to tech news site Engadget with a recommendation to use its own Apple-only iMessage service instead. “When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks. One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they’re directed to an unknown website or address over SMS.”

However, mobile security company AdaptiveMobile says blame should be directed at Apple, not at mobile network operators.

Cathal McDaid, a security consultant at AdaptiveMobile, said “Device manufacturers, like all members of the mobile ecosystem should aim to take security seriously and ensure their devices comply with a wide range of standards and technical recommendations. For SMS to remain a trusted, clean channel, companies need to be vigilant that their products both properly conform to standards and don’t inadvertently expose flaws that can compromise their customers.”

“We know conclusively that this is not a network problem because the 3GPP specification - which outlines how modern mobile phones and networks operate today - discusses the security implications of this field in all phones and give recommendations on how to avoid malicious use of this. We have tested this issue on Android, Windows Mobile, BlackBerry and Symbian phones and most of them simply ignore the ‘reply address’ field or display both the ‘real’ originating address and the reply address as per the specification recommendations. The iPhone, so far, is the only device which does not comply with these security recommendations.”

The iPhone’s SMS handling could be used in a number of malicious ways. Criminals could send a message that appears to come from the customer’s bank or credit card company, inviting the users to reply with personal information or submit security information via a fraudulent web site. Alternatively, a spoof message could be used for social engineering to manipulate a customer’s behaviour - perhaps appearing to be from a trusted friend or a colleague.

It’s certainly not inappropriate to highlight Apple’s handling of SMS messages - but it’s also important to realise that spoofed SMS messages could affect other devices as well. Spam email messages often appear to be from legitimate addresses, requiring a combination of common sense and filtering software to determine whether or not they’re genuine. How long before SMS filtering becomes as much of a necessity... or will network operators and handset manufacturers solve the problem first?

Print
Author: The Fonecast
0 Comments
Rate this article:
No rating

Leave a comment

This form collects your name, email, IP address and content so that we can keep track of the comments placed on the website. For more info check our Privacy Policy and Terms Of Use where you will get more info on where, how and why we store your data.
Add comment

Recent Podcasts

Podcast - 28th February 2012

James Rosewell and Mark Bridge report from Mobile World Congress 2012 in Barcelona. In today's programme they look back at Monday's big news, they talk about user experience and look forward to Tuesday's events.

Author: The Fonecast
0 Comments
Article rating: No rating

Podcast - 27th February 2012

Prelude to Mobile World Congress 2012

James Rosewell and Mark Bridge report from Mobile World Congress 2012 in Barcelona. In today's programme they discuss some of the pre-show news and also look forward to Monday's events.
Author: The Fonecast
0 Comments
Article rating: No rating

Podcast - 22nd February 2012

Barclays introduces person-to-person mobile money transfers to the UK, Ofcom gets the go-ahead to cut wholesale interconnection charges, a handful of new phones are announced ahead of Mobile World Congress... plus the rest of the week's big news.

Author: The Fonecast
0 Comments
Article rating: No rating

Podcast - 15th February 2012

This week's headlines include Google and Motorola getting the go-ahead for their acquisition deal, 4000 Nokia staff losing their jobs, satellite phones being hacked, a new upgrade scheme from Phones 4u... and much more.

Author: The Fonecast
0 Comments
Article rating: No rating

Podcast - 10th February 2012

Dave Golding from Cellebrite talks about the company's new diagnostic tool. It uses the Cellbrite Touch tablet device to identify and fix faults, which enables retailers to reduce the number of suspect handsets they send for repair.
Author: The Fonecast
0 Comments
Article rating: No rating
RSS
First3738394042444546Last

Follow thefonecast.com

Twitter @TheFonecast RSS podcast feed
Find us on Facebook Subscribe free via iTunes

Archive Calendar

«December 2024»
MonTueWedThuFriSatSun
2526272829301
2345678
9101112131415
16171819202122
23242526272829
303112345

Archive

Terms Of Use | Privacy Statement