iPhone SMS security alert

Using SMS for secure communcation? Think twice.

A security researcher has revealed that the iPhone (all versions) has a security issue that enables SMS messages to be modified to appear to come from a different sender. This practice is know as spoofing where the reported origin or sender is different to the actual sender and is used as a tool in spreading virii, malware and as a way gather information for identity theft or fraud.

This is a concern as even the next version of iOS (the software that makes the iphone, ipad and ipod touch what they are) does not seem to address this issue.

NOTE : This flaw is not restricted to iOS phones but at this time it is understood to be one of the most vulnerable devices with this flaw. Sending spoofed SMS messages is possible on all devices so everyone that uses SMS messages as a secure way of communicating had better think again.

Why it is a problem :
SMS messages until now have been regarded as potentially a secure method of sending messages as it was accepted that the sender details could not be messed with. Now we know different.

What to do :
We have to change our attitude towards SMS messages and the level of trust we put into these messages. My initial thoughts is to place the same level of trust in SMS as I do email as they now share common flaws. I advise that nobody activates links within an unexpected SMS or reply direct to the SMS with sensitive information like passwords, dates of birth, addresses, credit card details etc. For SMS that you expect you should still use some caution and not trust links or reply direct to the sender of the SMS. Instead use you own contact details for the sender from your addressbook.
Apple’s response in short is to use imessage, an alternative method used within the iPhone messages app. Read more about Apple’s response here (article by PC World).

To read more on this story, have a look at ZDnet’s article.