Latest Podcast



Featured Articles

Ofcom helps protect customers against unexpected roaming charges

Ofcom helps protect customers against unexpected roaming charges

UK service providers must notify customers when they connect to a different network

New rules from UK telecoms regulator Ofcom will protect customers when they use their mobile phone on a foreign network. In addition, customers will be alerted if they are inadvertently roaming, perhaps because they're near an international border.
Author: The Fonecast
0 Comments
Article rating: No rating

Global smartphone market is set for recovery, says new forecast

A new forecast from research specialists Canalys shows the smartphone market is set to recover next year. Worldwide shipments declined by 12% last year but that decline is expected to slow to 5% this year.
Author: The Fonecast
0 Comments
Article rating: No rating
Vodafone and Three plan to merge their UK businesses

Vodafone and Three plan to merge their UK businesses

New Hutchison/Vodafone network would be biggest UK operator

Vodafone Group plc and CK Hutchison Group Telecom Holdings Limited have agreed to combine their UK telecommunication businesses, respectively Vodafone UK and Three UK. The merger will create a large new network operator to compete with Virgin Media O2 and EE.
Author: The Fonecast
0 Comments
Article rating: No rating

UK mobile payment service Paym to close in March 2023

UK mobile payment service Paym will close on 7th March 2023. The service, which allowed users to make and receive payments using their mobile phone numbers, was launched in 2014.
Author: The Fonecast
0 Comments
Article rating: No rating
Qualcomm legal action moves forward in the UK

Qualcomm legal action moves forward in the UK

Which? seeks payout for Samsung and Apple smartphone owners

Consumer protection organisation Which? has been given permission by the UK's Competition Appeal Tribunal to represent Apple and Samsung smartphone buyers in a legal case against chip manufacturer Qualcomm.
Author: The Fonecast
0 Comments
Article rating: No rating
RSS

Opinion Articles

Friday, August 24, 2012

Apple iPhone SMS text spoofing: whose fault is it?

Mark Bridge writes:

Last week, French iOS security researcher pod2g revealed a potential security risk with the Apple iPhone’s handling of SMS text messages.

All text messages can be sent with an optional ‘reply to’ telephone number that’s different from the sender’s number. It’s not a standard option with most mobile phones and is most likely to be used by SMS gateways sending large volumes of promotional or service messages.

The majority of text messages don’t use this feature - and many phones either ignore the extra data or display both numbers - but Apple’s iOS seems to handle it in a potentially risky way. Customers with an iPhone are shown SMS messages that appear to have been sent from the ‘reply to’ number... which isn’t necessarily the actual sender.

Apple responded to tech news site Engadget with a recommendation to use its own Apple-only iMessage service instead. “When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks. One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they’re directed to an unknown website or address over SMS.”

However, mobile security company AdaptiveMobile says blame should be directed at Apple, not at mobile network operators.

Cathal McDaid, a security consultant at AdaptiveMobile, said “Device manufacturers, like all members of the mobile ecosystem should aim to take security seriously and ensure their devices comply with a wide range of standards and technical recommendations. For SMS to remain a trusted, clean channel, companies need to be vigilant that their products both properly conform to standards and don’t inadvertently expose flaws that can compromise their customers.”

“We know conclusively that this is not a network problem because the 3GPP specification - which outlines how modern mobile phones and networks operate today - discusses the security implications of this field in all phones and give recommendations on how to avoid malicious use of this. We have tested this issue on Android, Windows Mobile, BlackBerry and Symbian phones and most of them simply ignore the ‘reply address’ field or display both the ‘real’ originating address and the reply address as per the specification recommendations. The iPhone, so far, is the only device which does not comply with these security recommendations.”

The iPhone’s SMS handling could be used in a number of malicious ways. Criminals could send a message that appears to come from the customer’s bank or credit card company, inviting the users to reply with personal information or submit security information via a fraudulent web site. Alternatively, a spoof message could be used for social engineering to manipulate a customer’s behaviour - perhaps appearing to be from a trusted friend or a colleague.

It’s certainly not inappropriate to highlight Apple’s handling of SMS messages - but it’s also important to realise that spoofed SMS messages could affect other devices as well. Spam email messages often appear to be from legitimate addresses, requiring a combination of common sense and filtering software to determine whether or not they’re genuine. How long before SMS filtering becomes as much of a necessity... or will network operators and handset manufacturers solve the problem first?

Print
Author: The Fonecast
0 Comments
Rate this article:
No rating

Leave a comment

This form collects your name, email, IP address and content so that we can keep track of the comments placed on the website. For more info check our Privacy Policy and Terms Of Use where you will get more info on where, how and why we store your data.
Add comment

Recent Podcasts

Podcast - 1st December 2010

There's something of a retail focus in this week's mobile industry headlines, with joint-branded stores, mobile shopping, subsidised iPads and a stand-alone Tesco Phone Shop all being discussed. There's also talk about Symbian, Windows Phone 7 and angels with mobile phones.

Author: The Fonecast
0 Comments
Article rating: No rating

Podcast - 24th November 2010

The team looks at the UK's latest mobile industry headlines, from mobile money to apps, fraud, network quality, partnerships and advertising. There's also an interview with BroadSoft's vice president of Marketing about the company's move into mobile and its plans for the future.

Author: The Fonecast
0 Comments
Article rating: No rating

Podcast - 17th November 2010

This week's podcast includes more big news from Facebook, the introduction of IPv6, network sharing, call recording, fraud, legal action and an unusual upgrade offer. In addition, James Rosewell talks to Sophia Salenius, CEO of mHealth provider RegPoint, to learn more about this wide-ranging subject.

Author: The Fonecast
0 Comments
Article rating: No rating

Podcast - 10th November 2010

Dr Peter Gradwell talks about his company's new virtual mobile network, which puts fixed-line numbers on mobile phones. And, as usual, there's a look at the week's other industry headlines - including big stories from Nokia, Symbian and Facebook.

Author: The Fonecast
0 Comments
Article rating: No rating

Podcast - 3rd November 2010

In this week's podcast we discuss protests at Vodafone stores, Apple's appearance in the 'top five' manufacturer list, new legal action and an underground WiFi trial. We also talk to MoBank co-founder Steve Townend about the changes his business has seen since launching last year.

Author: The Fonecast
0 Comments
Article rating: No rating
RSS
First5960616264666768Last

Follow thefonecast.com

Twitter @TheFonecast RSS podcast feed
Find us on Facebook Subscribe free via iTunes

Archive Calendar

«December 2024»
MonTueWedThuFriSatSun
2526272829301
2345678
9101112131415
16171819202122
23242526272829
303112345

Archive

Terms Of Use | Privacy Statement