Apple officially responded to reports regarding its latest mobile operating system being vulnerable to text message spoofing, recommending that customers use the more secure iMessage service instead. The news comes in just after popular iOS hacker and security researcher, pod2g, discovered and drew headlines to a SMS spoofing vulnerability on the iOS platform. Here, pod2g urged Apple to take action with Apple giving a rather generic response for now.
The problem remains with SMS messages in itself, where the iOS platform, like many other mobile operating systems, supports transmission of optional, advanced features in the header section of text messages, including a “reply to” address. Since most wireless carriers don’t perform verification checks on the header specifications, incoming messages to the iPhone can be manipulated to appear as if they’re coming from the “reply to” address and not the actual sender.
Apple released a statement where it reminded customers that the iMessage service which was released with iOS 5, was designed to protect against such vulnerabilities. They stated the following:
Apple takes security very seriously. When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks. One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they're directed to an unknown website or address over SMS.
Source: The Loop