Latest Podcast



Featured Articles

Ofcom helps protect customers against unexpected roaming charges

Ofcom helps protect customers against unexpected roaming charges

UK service providers must notify customers when they connect to a different network

New rules from UK telecoms regulator Ofcom will protect customers when they use their mobile phone on a foreign network. In addition, customers will be alerted if they are inadvertently roaming, perhaps because they're near an international border.
Author: The Fonecast
0 Comments
Article rating: No rating

Global smartphone market is set for recovery, says new forecast

A new forecast from research specialists Canalys shows the smartphone market is set to recover next year. Worldwide shipments declined by 12% last year but that decline is expected to slow to 5% this year.
Author: The Fonecast
0 Comments
Article rating: No rating
Vodafone and Three plan to merge their UK businesses

Vodafone and Three plan to merge their UK businesses

New Hutchison/Vodafone network would be biggest UK operator

Vodafone Group plc and CK Hutchison Group Telecom Holdings Limited have agreed to combine their UK telecommunication businesses, respectively Vodafone UK and Three UK. The merger will create a large new network operator to compete with Virgin Media O2 and EE.
Author: The Fonecast
0 Comments
Article rating: No rating

UK mobile payment service Paym to close in March 2023

UK mobile payment service Paym will close on 7th March 2023. The service, which allowed users to make and receive payments using their mobile phone numbers, was launched in 2014.
Author: The Fonecast
0 Comments
Article rating: No rating
Qualcomm legal action moves forward in the UK

Qualcomm legal action moves forward in the UK

Which? seeks payout for Samsung and Apple smartphone owners

Consumer protection organisation Which? has been given permission by the UK's Competition Appeal Tribunal to represent Apple and Samsung smartphone buyers in a legal case against chip manufacturer Qualcomm.
Author: The Fonecast
0 Comments
Article rating: No rating
RSS

Opinion Articles

Friday, August 24, 2012

Apple iPhone SMS text spoofing: whose fault is it?

Mark Bridge writes:

Last week, French iOS security researcher pod2g revealed a potential security risk with the Apple iPhone’s handling of SMS text messages.

All text messages can be sent with an optional ‘reply to’ telephone number that’s different from the sender’s number. It’s not a standard option with most mobile phones and is most likely to be used by SMS gateways sending large volumes of promotional or service messages.

The majority of text messages don’t use this feature - and many phones either ignore the extra data or display both numbers - but Apple’s iOS seems to handle it in a potentially risky way. Customers with an iPhone are shown SMS messages that appear to have been sent from the ‘reply to’ number... which isn’t necessarily the actual sender.

Apple responded to tech news site Engadget with a recommendation to use its own Apple-only iMessage service instead. “When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks. One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they’re directed to an unknown website or address over SMS.”

However, mobile security company AdaptiveMobile says blame should be directed at Apple, not at mobile network operators.

Cathal McDaid, a security consultant at AdaptiveMobile, said “Device manufacturers, like all members of the mobile ecosystem should aim to take security seriously and ensure their devices comply with a wide range of standards and technical recommendations. For SMS to remain a trusted, clean channel, companies need to be vigilant that their products both properly conform to standards and don’t inadvertently expose flaws that can compromise their customers.”

“We know conclusively that this is not a network problem because the 3GPP specification - which outlines how modern mobile phones and networks operate today - discusses the security implications of this field in all phones and give recommendations on how to avoid malicious use of this. We have tested this issue on Android, Windows Mobile, BlackBerry and Symbian phones and most of them simply ignore the ‘reply address’ field or display both the ‘real’ originating address and the reply address as per the specification recommendations. The iPhone, so far, is the only device which does not comply with these security recommendations.”

The iPhone’s SMS handling could be used in a number of malicious ways. Criminals could send a message that appears to come from the customer’s bank or credit card company, inviting the users to reply with personal information or submit security information via a fraudulent web site. Alternatively, a spoof message could be used for social engineering to manipulate a customer’s behaviour - perhaps appearing to be from a trusted friend or a colleague.

It’s certainly not inappropriate to highlight Apple’s handling of SMS messages - but it’s also important to realise that spoofed SMS messages could affect other devices as well. Spam email messages often appear to be from legitimate addresses, requiring a combination of common sense and filtering software to determine whether or not they’re genuine. How long before SMS filtering becomes as much of a necessity... or will network operators and handset manufacturers solve the problem first?

Print
Author: The Fonecast
0 Comments
Rate this article:
No rating

Leave a comment

This form collects your name, email, IP address and content so that we can keep track of the comments placed on the website. For more info check our Privacy Policy and Terms Of Use where you will get more info on where, how and why we store your data.
Add comment

Recent Podcasts

Tesco gets into smartphones, Facebook gets into advertising... and O2 gets into trouble

Podcast - 7th May 2014

We start this week's podcast with Tesco's plans for a Hudl-branded smartphone. Next comes some potentially good news about the 'patent wars' affecting the mobile industry - although there's certainly no sign of a ceasefire.

Later we discuss an announcement from Facebook about its mobile advertising scheme, an unfortunate mistake for O2's Travel service, a new 20 megapixel camera-phone and an automotive investment by Nokia.

Author: The Fonecast
0 Comments
Article rating: No rating

Bringing video services to smartphones: interview with Jijesh Devan of QuickPlay Media

Podcast - 2nd May 2014

In this interview Mark Bridge talks to Jijesh Devan of QuickPlay Media about the opportunities and challenges of bringing video services to smartphones and other internet-connected devices.

Their conversation took place on the QuickPlay stand inside the App Planet area of Mobile World Congress in February.

Author: The Fonecast
0 Comments
Article rating: No rating

Faulty phones, network closures, court cases, payment apps... and much more mobile industry news

Podcast - 30th April 2014

We have something for everyone in this week's podcast. There's bad news as Samba Mobile closes, bad news as Apple and Samsung suffer product faults... and bad news as wearable devices are criticised for the poor user experience they offer.

Yet there's plenty of good news as well, including the launch of a new UK mobile payment service.

Author: The Fonecast
0 Comments
Article rating: No rating

Seven days of mobile industry news, from money transfers to monster tracking

Podcast - 23rd April 2014

Telefonica sets up its own mobile advertising business, Mozilla puts an interim CEO in place and Nokia suspends sales of its flagship Windows 8.1 RT tablet: all topics for discussion in this week's podcast.

We're also talking about the future growth of Orange Money, EE's online activity, mobile broadband growth and the Loch Ness monster being spotted on Apple iPhones.

Author: The Fonecast
0 Comments
Article rating: No rating

An introduction to embedded mobile security with Loic Hamon of Inside Secure

Podcast - 18th April 2014

When the topics of mobile technology and security are discussed, the conversation can end up focussing on third-party software solutions.

Inside Secure has a different perspective. It's a specialist in embedded security; building protection in from the start. To learn more, Mark Bridge caught up with Loic Hamon, Vice President of Corporate Development at Inside Secure, at the company's hospitality suite during Mobile World Congress.

Author: The Fonecast
0 Comments
Article rating: No rating
RSS
First34568101112Last

Follow thefonecast.com

Twitter @TheFonecast RSS podcast feed
Find us on Facebook Subscribe free via iTunes

Archive Calendar

«November 2024»
MonTueWedThuFriSatSun
28293031123
45678910
11121314151617
18192021222324
2526272829301
2345678

Archive

Terms Of Use | Privacy Statement