Last week, Pod2G uncovered a SMS flaw in iOS that lets someone send a spoofed SMS. In this scenario, the SMS would appear to be from a trusted source, but the response would actually be sent to someone else. Engadget reached out to Apple for comment and received a reply that pitches the advantages of iMessage.
Apple takes security very seriously. When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks. One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they’re directed to an unknown website or address over SMS.
We talked with security expert Seth Bromberger, a principal at NCI Security, who provided a list of steps Apple could take to minimize SMS spoofing. Rather than push the benefits of iMessage, Apple should display the originating number as well as check that the sender’s number and the recipient number match.