
Apple urges users to stick with iMessage to avoid iPhone SMS spoofing - Page 3

post #81 of 134
Quote:
Originally Posted by Vaelian View Post

And what do you propose as workaround for this that actually addresses the problem other than using iMessage or similar services?

The only workaround is for other companies to do what Apple does with iMessage - and use the optional fields so that they can mark potentially spoofed messages. Unfortunately, that's entirely outside of Apple's control.
Quote:
Originally Posted by muppetry View Post

I don't think we really disagree on much here, but you are still not strictly correct, and I'm not clear what I wrote that was wrong. There is a unique aspect to iOS - that, unlike all (?) other phones, it uses the "Reply-To" field (when present) instead of the "From" field, and so only iOS is vulnerable to "Reply-To" spoofing. However, I think that is probably irrelevant since, as you have pointed out, the "From" field can also be spoofed, and so it would only be a significant added vulnerability if it were easier to spoof the "Reply-To" field.

That's a foolish distinction. There's no difference in the difficulty of spoofing 'reply to' and 'from' fields. If anything, it further reinforces Apple's advantage. If a hacker is going to spoof a field, they're more likely to spoof the 'from' field since that's what most phones use. So, by your own logic, iOS is BETTER than other phone operating systems.

In fact, the links I provided above confirm that. Most of the third party 'anonymizer' sites talk about SMS spoofing, they are all spoofing the 'from' field, not the 'reply to' field. So iOS would not be spoofed while the majority of phones would be.

So why is it that the first 26 hits on a search for 'sms spoof' are all about iOS?

My guess is that the guy who started this didn't realize that you could spoof both 'from' and 'reply to' fields and thought he had discovered a real vulnerability with iOS.
"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
post #82 of 134
Quote:
Originally Posted by muppetry View Post


It's not completely false; while all phones are vulnerable to spoofing the "From" field, the issue here is that iOS is also vulnerable to spoofing the "Reply-To" field.
Whether that actually matters - for example if it is easier to spoof the "Reply-To" field than the "From" field then that could make it a bigger problem for iOS - does not seem to have been established.
Apple clearly could change the way iOS handles and uses the "Reply-To" field, but it would only defeat one of those spoofing methods.

 

 

Quote:
Originally Posted by jragosta View Post


This is absolutely false. You can also spoof the 'from' field:
http://www.youspoof.info/textSpoofing.html
"For example the sender could specify that the recipient's caller ID shows an incoming message is from "The Pope" and the text message reads "Repent!""
or:
http://spoofsms.net
"You can put ANY mobile number or alphanumeric character in the "From" field when sending a message."
Please stop spreading lies. It's bad enough when all the usual trolls here spread FUD, but you created a new account specifically to post something that's totally false? That's really sad.
The fact is that there's nothing at all in this that is iOS specific and it can affect EVERY SMS user. The only exception is if you're using iOS and iMessage, you have some warning.
The really amazing thing is that even though this flaw affects everyone, if you search for 'sms spoof', you have to get near the end of the third page before you find even a single hit that doesn't present it as an iOS flaw.

 

Spoofing the "From" header is different than spoofing the "Reply-to".  Perhaps that is a very technical distinction, but I am a technical person.  So saying one thing is the same as another, when technically it is not, is incorrect (though I understand your logic).  

 

If other phones recognize the "reply-to" header and use that to override "from", they are as wrong as the iPhone. It does appear to me that while all phones are vulnerable to a "From" spoof, not ALL phones recognize the "reply-to" header the way the iPhone does. It may be true that all phones that recognize the "reply-to" header handle it the way the iPhone does, but I couldn't even verify that. That said, you are right in saying that ALL phones are vulnerable to the "From" field spoofing, BUT that is a completely different issue than the method described and being discussed here.

 

Spoofing the "From" field is more of a carrier issue, where spoofing the "reply-to" is a phone issue (regardless of who made the phone). In the case of email, SMTP servers usually verify that the server sending the message is allowed to send emails for the domain that appears in the "From" field. So for email, "from" field spoofing is controlled by the ISP/email servers, not the email client. Notifying a user of a different reply-to address, that is controlled by the email client. The point is, "From" field is verified by the ISP/Email server, and given the similarities with SMS, it would almost certainly have to be the same way.

 

To end spoofing you have to fix both issues.  To say that Apple doesn't need to do anything because the other issue still exists to me is incorrect and distracts from the actual issue being talked about.  To stop spoofing you have to address both issues: one is a carrier issue and one is a handset maker issue.  If anything, Apple should fix the reply-to issue and use their influence to pressure carriers to address "from" field spoofing.  As it stands, I think carriers have little motivation to fix the issue.  They potentially get paid for every message they send, so verifying and blocking certain messages would ultimately hurt their bottom line.  That was never an issue that ISP/email providers had to overcome.


Edited by rednival - 8/19/12 at 10:12am
post #83 of 134
Quote:
Originally Posted by jragosta View Post

Quote:
Originally Posted by muppetry View Post

I don't think we really disagree on much here, but you are still not strictly correct, and I'm not clear what I wrote that was wrong. There is a unique aspect to iOS - that, unlike all (?) other phones, it uses the "Reply-To" field (when present) instead of the "From" field, and so only iOS is vulnerable to "Reply-To" spoofing. However, I think that is probably irrelevant since, as you have pointed out, the "From" field can also be spoofed, and so it would only be a significant added vulnerability if it were easier to spoof the "Reply-To" field.

That's a foolish distinction. There's no difference in the difficulty of spoofing 'reply to' and 'from' fields. If anything, it further reinforces Apple's advantage. If a hacker is going to spoof a field, they're more likely to spoof the 'from' field since that's what most phones use. So, by your own logic, iOS is BETTER than other phone operating systems.

In fact, the links I provided above confirm that. Most of the third party 'anonymizer' sites talk about SMS spoofing, they are all spoofing the 'from' field, not the 'reply to' field. So iOS would not be spoofed while the majority of phones would be.

So why is it that the first 26 hits on a search for 'sms spoof' are all about iOS?

My guess is that the guy who started this didn't realize that you could spoof both 'from' and 'reply to' fields and thought he had discovered a real vulnerability with iOS.

Agree - with one reservation about something you also alluded to previously and I meant to ask about. When you say that this reinforces Apple's advantage and that iOS is actually better in this regard than other phone systems - what do you mean? iOS is vulnerable to both forms of spoofing - other OSs are vulnerable only to from spoofing. I assume that you are not just referring to the advantages of iMessage over SMS?
post #84 of 134

OH?? ALL your contacts don't have iMessage?? Well, why not?? Get them over to iMessage and you won't have a problem, now will you??

 

Just ask ANY of our retail employees that, Ooops, they've been laid off, no - wait - we're going to reverse that decision - no wait for it - no, YES!!! You've all been rehired.. Just in time for us to cut your pay... No - Wait - we promised you a pay increase last month - no - wait - are you sure - no - wait - YES WE DID !!! Yeah.. NOW we got the story straight - no - wait - - - - - .....

 

These guys have REALLY acted like jackasses over the last few months...

 
post #85 of 134
Originally Posted by Bwinski View Post
Just ask ANY of our retail employees that, Ooops, they've been laid off, no - wait - we're going to reverse that decision - no wait for it - no, YES!!! You've all been rehired.. Just in time for us to cut your pay... No - Wait - we promised you a pay increase last month - no - wait - are you sure - no - wait - YES WE DID !!! Yeah.. NOW we got the story straight - no - wait - - - - - .....

 

These guys have REALLY acted like jackasses over the last few months...

 

You've been reading too much Gizmodo/WSJ.

Originally Posted by asdasd

This is Appleinsider. It's all there for you but we can't do it for you.
post #86 of 134

Could be, but it certainly feels that way. I've had TWO run ins with the Apple store 'genius' personnel lately in two different locations and IT WAS AWFUL. SO, I speak from a bit of very personal, recent experience...

 
post #87 of 134
Quote:
Originally Posted by muppetry View Post

Agree - with one reservation about something you also alluded to previously and I meant to ask about. When you say that this reinforces Apple's advantage and that iOS is actually better in this regard than other phone systems - what do you mean? iOS is vulnerable to both forms of spoofing - other OSs are vulnerable only to from spoofing. I assume that you are not just referring to the advantages of iMessage over SMS?

Yes, I'm referring to iMessage's advantage over other SMS clients. In addition to the advantages that others have cited, iMessages displays the 'reply-to' field while most clients display the 'from' field. If 95% of all SMS-capable phones use the 'from' field, most people who want to spoof their message will spoof the 'from' field which would not fool iMessage.
"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
post #88 of 134
Quote:
Originally Posted by jragosta View Post

Quote:
Originally Posted by muppetry View Post

Agree - with one reservation about something you also alluded to previously and I meant to ask about. When you say that this reinforces Apple's advantage and that iOS is actually better in this regard than other phone systems - what do you mean? iOS is vulnerable to both forms of spoofing - other OSs are vulnerable only to from spoofing. I assume that you are not just referring to the advantages of iMessage over SMS?

Yes, I'm referring to iMessage's advantage over other SMS clients. In addition to the advantages that others have cited, iMessages displays the 'reply-to' field while most clients display the 'from' field. If 95% of all SMS-capable phones use the 'from' field, most people who want to spoof their message will spoof the 'from' field which would not fool iMessage.

OK - I see what you mean. Unfortunately, the from spoof would still fool iMessage unless they had, for some curious reason, filled out the "Reply-To" field with their real identity, since, in the absence of a "Reply-To" value, iMessage uses the "From" value, just like all the others.
post #89 of 134
Quote:
Originally Posted by jragosta View Post

This is absolutely false. You can also spoof the 'from' field:
http://www.youspoof.info/textSpoofing.html
"For example the sender could specify that the recipient's caller ID shows an incoming message is from "The Pope" and the text message reads "Repent!""
or:
http://spoofsms.net
"You can put ANY mobile number or alphanumeric character in the "From" field when sending a message."
Please stop spreading lies. It's bad enough when all the usual trolls here spread FUD, but you created a new account specifically to post something that's totally false? That's really sad.
The fact is that there's nothing at all in this that is iOS specific and it can affect EVERY SMS user. The only exception is if you're using iOS and iMessage, you have some warning.
The really amazing thing is that even though this flaw affects everyone, if you search for 'sms spoof', you have to get near the end of the third page before you find even a single hit that doesn't present it as an iOS flaw.

All true. I have often entertained co-workers by connecting directly to my company's email gateway and firing off emails to them from Jesus. (He writes some pretty filthy emails, just FYI.)

Anyway, the person you're responding to doesn't seem to understand that SMS is just bastardized email--or maybe he understands that but doesn't appreciate the full extent of the problems that decision opens SMS up to. If he wants to place blame, he can blame an entire industry for deciding to piggyback on an existing protocol and dragging along all the baggage that entails instead of designing a dedicated protocol for text messages (you know, like, iMessage). But trying to lay the blame at Apple's feet is a little disingenuous.
post #90 of 134
Quote:
Originally Posted by muppetry View Post

OK - I see what you mean. Unfortunately, the from spoof would still fool iMessage unless they had, for some curious reason, filled out the "Reply-To" field with their real identity, since, in the absence of a "Reply-To" value, iMessage uses the "From" value, just like all the others.

So there are two scenarios:
1. They spoof the 'from' field and do not enter a 'reply to' identity. In that case, iMessage acts exactly like any other client - so Apple is no worse than the rest of the industry.
2. They spoof the 'from' field and do enter the correct 'reply to' identity - in which case iMessage is better than the other clients.

So the claim that Apple is somehow worse than anyone else is bogus.

The only case where Apple could be worse is if they spoof the 'reply to' field but not the 'from' field - which doesn't appear likely. All the spoofing sites I could find spoof the 'from' field since that's the one that 95% of phones or more use.
"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
post #91 of 134
Quote:
Originally Posted by nagromme View Post

Are other smartphones immune from this SMS issue? Is it iPhone-specific? (Some statements imply that this is not an iPhone issue at all, just a carrier issue.)

 

Hi Nagromme, if you're asking if there is an iPhone specific problem on AppleInsider your answer is almost always going to come back a little dogmatically as "No, the iPhone has no flaws and is BETTER!" :p  Reading some of these responses that seems to be the direction they are headed and they are wrong in this case.

 

If my analogy below confuses you, here's a link to more info:  http://www.informationweek.com/security/mobile/android-and-blackberry-safer-than-ios-fo/240006075

 

Remember 'caller id' on those old fashioned wall phones?  When you called someone from your home phone, if they had caller id, it would automatically tell them it was you calling.  You had no input.  Your carrier had the technology to recognize it was your hardware.  That is the equivalent of 'from' in an SMS message.  It is not impossible, but it is very difficult to spoof - and in an SMS text would usually require knowledge of your victim's carrier and access to their carrier's SMSC servers to hack.  It would open the hackers up to substantial criminal penalty.  Any phone, whether Android or Apple even using iMessage, would be prone to this attack.  This type of attack isn't common because it is generally traceable and hard to execute.  Those sites listed above do not work in the US or Canada.  Feel free to try them if you wish.  Some use the 'reply to' method (even though it says 'from' on their site) and hope your user has an iPhone - in which case they will work.  Some offer Android apps for you to download in order for them to work.  Your victims (if using Android phones) would need to have that software installed too which renders the attack pretty much useless.

 

Back to our 'caller id' example.  Imagine if you called someone and your carrier, instead of using the information from your hardware, gave you a message 'please enter your phone number identifying who you are' and you now had to key in your phone number.  Imagine it used the number you yourself keyed in to identify you to whomever you were calling...  Not rocket science here.  You could type in any number you wanted and that is whom it would tell your recipient was calling.  If you looked up Apple's or IBM's corporate phone numbers you could type that in and it would tell your recipient that Apple (or IBM, or whomever) was calling.  Very easy to do.  No hacking required.  That is the equivalent of 'reply to' spoofing.

 

'Reply To' *is* built into the SMS protocol and is quite useful.  AT&T can send you a promotional SMS message.   Some phones would tell you that the message is FROM: AT&T and that you should REPLY TO: ATTPROMO or something like that.  No problem.  The poor choice Apple made (and I cringe to say that on this site) is that they use the 'Reply To' field that your sender has control of to tell you that is who the message is FROM.  So I can send you a bogus malicious message that you might not normally fall for, but when you look at the FROM field and see that it is 'FROM: facebook.com' you will decide it is safe and fall for it.

 

With that, the 'vulnerability' is way overblown.  People can't hack your information or take over your phone with it.  They can only fool you into trusting them.  As long as you don't trust anybody sending you texts requiring dubious action on your part- there is no vulnerability.

 

Apple unfortunately doesn't like to admit error.  They issued a pretty brilliant response as usual, but it's a little bit of misdirection.  Their statement is that the 'Reply To' field is built into SMS and is there on all phones - which is an absolutely true statement.  They then say if you use iMessage you will not be prone to the attack - which is also an absolutely true statement.  What they leave out is that the flaw in the iPhone was due to their less than optimal choice of using the 'Reply To' field in the header to tell you that that is where the text came 'From' and that they will (hopefully) correct their mistake in future versions.  Any Android phone that has software that chooses to use the 'Reply To' field as the 'From' indicator would be prone to the same spoofing, but I guess that was one area they chose not to copy Apple. :p

 

For the record I was a long time Apple user and loved my iPhone until Apple kept insisting that I wanted a puny 3.5" screen.  They were dead wrong and 'forced' me to switch to my giant screen Android phone.  My 'dirty secret' is that I actually think both phones are great so I'm a little out of place on either an Apple or Android site.  If Apple bumps up the screen size a little more and introduces usable mainstream widgets instead of the stone age 'icon grids' I'll be back in line for the iPhone 6  =)  ( as long as Android hasn't implemented a feature that cooks for me and cleans my house )   Hooray competition!


Edited by Frood - 8/23/12 at 4:16pm
post #92 of 134
Quote:
Originally Posted by hill60 View Post


Wasn't THE BIG RED EXCLAMATION MARK next to the message just a bit of a giveaway?
😜😜😜

Oh, yeah, really helpful. with notification coming a WEEK+ AFTER THE FACT. Kapisch???

post #93 of 134
Originally Posted by Frood View Post

If Apple… …introduces usable mainstream widgets… 

 

What does this even mean? What is the point of this? Live updating icons would do just the same. And I've just had a thought for how… ooh. I gotta write that down and mock it up…

 

…stone age 'icon grids'… 

 

Funny how when you have the stone, those without want to steal it from you.

 

Hooray competition!

 

*narrows eyes*

Originally Posted by asdasd

This is Appleinsider. It's all there for you but we can't do it for you.
post #94 of 134
Quote:
Originally Posted by Cpsro View Post

Too bad iMessage is unreliable!

(Yes, unreliable. I've been notified a week+ after the fact that an iMessage was not delivered)

 

I've had the same thing happen with SMS messages on Verizon.  I can't say I've found iMessage to be any less reliable...

 

Funny thing is, SMS was the one thing AT&T seemed to do better than Verizon.  I don't recall ever having problems sending or receiving messages in a timely fashion with them.  With Verizon it's a crapshoot, and it has been for years.  Had the same lousy SMS experience when I was with them prior to getting my iPhone in 2009.

 

Go figure.

post #95 of 134
Quote:
Originally Posted by jragosta View Post

Quote:
Originally Posted by muppetry View Post

OK - I see what you mean. Unfortunately, the from spoof would still fool iMessage unless they had, for some curious reason, filled out the "Reply-To" field with their real identity, since, in the absence of a "Reply-To" value, iMessage uses the "From" value, just like all the others.

So there are two scenarios:
1. They spoof the 'from' field and do not enter a 'reply to' identity. In that case, iMessage acts exactly like any other client - so Apple is no worse than the rest of the industry.
2. They spoof the 'from' field and do enter the correct 'reply to' identity - in which case iMessage is better than the other clients.

So the claim that Apple is somehow worse than anyone else is bogus.

The only case where Apple could be worse is if they spoof the 'reply to' field but not the 'from' field - which doesn't appear likely. All the spoofing sites I could find spoof the 'from' field since that's the one that 95% of phones or more use.

Well yes - there are 3 scenarios as you listed, and the third one, though it may well be unlikely, is the subject of the report.
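
The three scenarios listed in the posts above, and the display behaviour described in post #91, worked through as an added example (not code from any poster or from Apple). The `Header` model, the policy functions and the 555 numbers are constructed for illustration and reduce a message to the two fields the thread discusses.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Constructed sample values (fictional 555 numbers), not taken from the thread.
REAL_SENDER = "+1 202 555 0143"    # who actually sent the message
IMPERSONATED = "+1 202 555 0199"   # who the sender pretends to be


@dataclass(frozen=True)
class Header:
    """Simplified model of the two fields under discussion; not a real SMS PDU."""
    from_addr: str
    reply_to: Optional[str] = None


def normalize(addr: str) -> str:
    """Compare numbers by digits only so formatting differences are not flagged."""
    digits = "".join(ch for ch in addr if ch.isdigit())
    # Alphanumeric sender IDs have no digits; compare them as case-folded text.
    return digits or addr.strip().lower()


def show_reply_to_first(h: Header) -> dict:
    """Behaviour the thread attributes to iOS: 'reply to' replaces 'from' if present."""
    return {"sender": h.reply_to or h.from_addr, "warn": False}


def show_from_only(h: Header) -> dict:
    """Behaviour the thread attributes to most other handsets: ignore 'reply to'."""
    return {"sender": h.from_addr, "warn": False}


def show_from_and_flag(h: Header) -> dict:
    """Hypothetical hardened client: always show 'from', warn if 'reply to' differs."""
    differs = (h.reply_to is not None
               and normalize(h.reply_to) != normalize(h.from_addr))
    return {"sender": h.from_addr, "warn": differs}


POLICIES: Dict[str, Callable[[Header], dict]] = {
    "reply_to_first": show_reply_to_first,
    "from_only": show_from_only,
    "from_and_flag": show_from_and_flag,
}

# The three cases enumerated in the thread.
SCENARIOS: Dict[str, Header] = {
    "from_spoofed_no_reply_to": Header(IMPERSONATED),
    "from_spoofed_reply_to_real": Header(IMPERSONATED, REAL_SENDER),
    "from_real_reply_to_spoofed": Header(REAL_SENDER, IMPERSONATED),
}


def misled(view: dict) -> bool:
    """The user is misled when the impersonated identity is shown with no warning."""
    return normalize(view["sender"]) == normalize(IMPERSONATED) and not view["warn"]


def evaluate() -> Dict[str, Dict[str, bool]]:
    """For every scenario, report which display policies leave the user misled."""
    return {
        name: {policy: misled(render(header)) for policy, render in POLICIES.items()}
        for name, header in SCENARIOS.items()
    }


if __name__ == "__main__":
    for name, row in evaluate().items():
        print(f"{name:28s} {row}")
```

No handset-side policy helps in the first scenario, which is the part only the carrier can address; in the other two, showing 'from' and flagging a differing 'reply to' is never worse than either existing behaviour.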
post #96 of 134
Quote:
Originally Posted by Bwinski View Post

Could be, but it certainly feels that way. I've had TWO run ins with the Apple store 'genius' personnel lately in two different locations and IT WAS AWFUL. SO, i speak from a bit of very personal, recent experience...

 

 

So take your two poor experiences and broadly describe it as the norm. Such hubris.

post #97 of 134
Quote:
Originally Posted by 28jp View Post

Too bad iMessage is messed up!  I had to turn mine off.  It was taking up to an hour for a message to send with a full signal.  Half the time it would make me send as a text anyway.

 

It started working really good when i had my 3GS and when I first got my 4s... but the last couple of months the service has totally sucked.  I am not the only one in my area who is complaining.

 

Even when using Wi-Fi... it sucks!

 

Numerous calls to AT&T and Apple have been of no help.  So, I just turned off iMessage and have zero problems sending and receiving texts.

 

If they would acknowledge and fix the problem, I would definitely use it.

Bullcrap... 1st post to spam/troll... 

post #98 of 134
Quote:
Originally Posted by muppetry View Post

Well yes - there are 3 scenarios as you listed, and the third one, though it may well be unlikely, is the subject of the report.

Not at all. The report (and the thousands of 'me, too' reports) act as though spoofing is something that can only happen to iPhones.

In reality, the overwhelming majority of spoofs use the 'from' header and therefore affect everyone.
"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
post #99 of 134
Quote:
Originally Posted by Tallest Skil View Post

 

What does this even mean? What is the point of this? Live updating icons would do just the same. And I've just had a thought for how… ooh. I gotta write that down and mock it up…

 

 

Funny how when you have the stone, those without want to steal it from you.

 

 

*narrows eyes*

 

Hi Tallest, I originally just wanted to say 'I hope Apple implements widgets' but then a fan would likely point out to me that Apple already has widgets - so I added the 'usable mainstream' qualifiers because the current versions on Apple are neither.  I don't know much about live tiles but I'd guess they are fairly similar to widgets as long as they are resizable and not limited to having a defined structure with just an info update on them (like an email counter going up a number or two)...

 

After the big screen, widgets were the big surprise moving from iOS to Android for me.  I had a 'weather app' and a 'stock market app' and 'news app(s)' on my iPhone, but having them executing continuously on my home screen as widgets pretty radically changes how useful they are to me and how I interact with them.  The 'stone age' comment wasn't really a slam on Apple as much as encouraging them to progress from it. I still use my iPhone (it has no SIM card) for games for my nieces and as a metronome, but every time I turn it on it seems like I'm 'moving backward'.  I still use an icon grid on my Android phone because it is a good way to cram a ton of apps together, but it's not until 3 pages removed from my home screen - and I rarely go there - the widgets have me covered for 95% of what I want to do.  Do wish Android would learn the 'smoothness' of Apple though.  With all that going on it does occasionally get a little hitch in its giddy'up when swiping around that my iPhone never had.

 

Would be a nice touch if they gave the iFive a smart swipe to unlock as well - i.e. if you swipe left to right it does what it does now and opens up to home screen.  If you swipe from bottom to top it opens straight to text messaging, if you swipe right to left it opens straight to your phone with your 'favorites' showing, etc.  Looking forward to the iFive release and I'm sure it's going to have a trick or two up its sleeve that leaves me a little envious.

post #100 of 134
Originally Posted by Frood View Post

…Apple already has widgets - so I added the 'usable mainstream' qualifiers because the current versions on Apple are neither.

 

Wait, do they? I genuinely don't know what people mean by "widgets" unless they're talking about those two-space things you sometimes see on Android phones. I just don't get the benefit of those over app icons that update to show you content (sort of like The Interface Formerly Known As Metro, but simpler). 

 

I had a 'weather app' and a 'stock market app' and 'news app(s)' on my iPhone , but having them executing continuously on my home screen as widgets pretty radically changes how useful they are to me and how I interact with them.

 

Oh, and I can understand that, certainly. Why the Weather app on iOS hasn't always (since iPhone OS 1!) shown the current weather of your leftmost city, I'll never know. And seeing your topmost stock's current status would be great.

 

Would be a nice touch if they gave the iFive…

 

… I thought that was just an auto-correct gaffe until I saw it again and realized what you were talking about. I seethed. 

 

But I can't stay mad at you, you zarkin' frood.

 

Anyway, about that idea, it's interesting, but I don't see Apple doing it when it happens also through notifications. I realize you have to receive a notification to get that to be available, but I also think that their desire is to make sure the user knows exactly what will happen when they perform an action, which is something that multi-directional swiping would make more blurry.

Originally Posted by asdasd

This is Appleinsider. It's all there for you but we can't do it for you.
post #101 of 134
Quote:
Originally Posted by jragosta View Post

Quote:
Originally Posted by muppetry View Post

Well yes - there are 3 scenarios as you listed, and the third one, though it may well be unlikely, is the subject of the report.

Not at all. The report (and the thousands of 'me, too' reports) act as though spoofing is something that can only happen to iPhones.

In reality, the overwhelming majority of spoofs use the 'from' header and therefore affect everyone.

Not at all what? Yes, I completely agree with your assessment that it does not make sense to focus on iOS, but the issue in question, if you read the original blog, is specifically about this vulnerability on iOS, and that is the subject of the article and that is what was being discussed. Not whether other phones are vulnerable to other spoofs.
post #102 of 134
Quote:
Originally Posted by Tallest Skil View Post

 

Wait, do they? I genuinely don't know what people mean by "widgets" unless they're talking about those two-space things you sometimes see on Android phones. I just don't get the benefit of those over app icons that update to show you content (sort of like The Interface Formerly Known As Metro, but simpler). 

 

 

Oh, and I can understand that, certainly. Why the Weather app on iOS hasn't always (since iPhone OS 1!) shown the current weather of your leftmost city, I'll never know. And seeing your topmost stock's current status would be great.

 

 

… I thought that was just an auto-correct gaffe until I saw it again and realized what you were talking about. I seethed. 

 

But I can't stay mad at you, you zarkin' frood.

 

Anyway, about that idea, it's interesting, but I don't see Apple doing it when it happens also through notifications. I realize you have to receive a notification to get that to be available, but I also think that their desire is to make sure the user knows exactly what will happen when they perform an action, which is something that multi-directional swiping would make more blurry.

 

Sorry on the iFive.  I thought it was kind of cool and even catchy.  If it's a cause for 'seething' I'll call it the iPhone 5 moving forward.  Glad you got the Hitchhiker's reference =)

 

And on the widgets, I think you are still thinking small:

Why the Weather app on iOS hasn't always (since iPhone OS 1!) shown the current weather of your leftmost city, I'll never know. And seeing your topmost stock's current status would be great.

 

For current weather I look out the window :p  My widget shows me the next 5 days in graphical display.  I rarely used my weather app - mostly because it just never hit me to check weather until I went outside and found it was raining :/  With it on my home screen I'm always using it because it's hard to miss.  My stock widget doesn't look like an icon and just show me my topmost stock's status - it is implemented as an actual stock ticker that scrolls across my screen with options to show daily highs/lows etc.  Instead of scrolling whole indexes, I have it set to only show stocks that are actually in my portfolio so all the info is relevant to me.  If I notice one moved (hopefully upward) I just have to touch it and it opens up the actual app where it has all the latest news on that particular stock available.

 

Nothing I couldn't do on my iPhone, but the implementation is just more natural since the information is continually right there.

post #103 of 134
Originally Posted by Frood View Post
Sorry on the iFive. I thought it was kind of cool and even catchy. If it's a cause for 'seething' I'll call it the iPhone 5 moving forward. Glad you got the Hitchhiker's reference =)

I'd prefer you'd drop the number entirely.

For current weather I look out the window :p My widget shows me the next 5 days in graphical display.

It'd have to be pretty long for that, eh? Ooh! How about this, a corner (or top bar/percent of) of the icon changes to the NOAA standard color for whatever watch or warning is in effect for the area? So severe thunderstorm watch would be a yellow highlight, tornado warning a red, flood a green, etc…

Originally Posted by asdasd

This is Appleinsider. It's all there for you but we can't do it for you.
post #104 of 134
Quote:
Originally Posted by mdriftmeyer View Post

 

iMessage works well. Too bad you comment and don't specifically detail how you come to that comment's conclusion.


Well, he does specifically state that iMessage does NOT work well for him, and explains why. Being God, I guess you know better?

Social Capitalist, dreamer and wise enough to know I'm never going to grow up anyway... so not trying anymore.

post #105 of 134
Quote:
Originally Posted by jragosta View Post


Not at all. The report (and the thousands of 'me, too' reports) act as though spoofing is something that can only happen to iPhones.
In reality, the overwhelming majority of spoofs use the 'from' header and therefore affect everyone.


The problem, as Apple stated, lies with the SMS specification. However, unless you're texting to another iPhone which has iMessage, you can't use iMessage.

The "solution" probably is to type in numbers by hand/selection from address book.

Social Capitalist, dreamer and wise enough to know I'm never going to grow up anyway... so not trying anymore.

post #106 of 134
So right?

I'm going to be doing this at volleyball this week...

"Yo Android!". (and this has been shouted believe it or not.). "Don't be texting me your spam a$$ $hit!".

Co-Ed on volleyball means 5 guys and one girl.

I play with 3 robots!

I'll have to text them a link here first...
post #107 of 134
Quote:
Originally Posted by muppetry View Post


The "vulnerability" is inherent in the SMS specification, but currently only manifests itself on iOS devices, because iOS is the only platform that ignores the sender phone number if a reply-to number is specified. A fix is within Apple's power - the iOS SMS app could be modified at least to display the sender number as well as the reply-to number. That would not change the SMS specification, but would alert an iOS user that a spoof may be occurring.


Hmmm, that's a very interesting post. It would definitely make the problem lie with Apple, even though, of course, the spec is still insecure.

Social Capitalist, dreamer and wise enough to know I'm never going to grow up anyway... so not trying anymore.

post #108 of 134
Quote:
Originally Posted by Tallest Skil View Post

 

I'd prefer you'd drop the number entirely.

What's wrong with the sixth iPhone being called iPhone 5 really? As long as it just works? What I can tell you is I was talking phones (and perfume, but it's unrelated) with a group of girls Saturday and they all are waiting for iPhone 5...

Social Capitalist, dreamer and wise enough to know I'm never going to grow up anyway... so not trying anymore.

post #109 of 134
Quote:
Originally Posted by lightknight View Post


Well, he does specifically state that iMessage does NOT work well for him, and explains why. Being God, I guess you know better?

He is not a god, because god does not exist. (I say he based on previous posts)

Don't bring that word (god) into a tech site/discussion.

Also if god did exist, she would almost certainly be a woman.

Edit: spelling. How does previous turn into precious? Only on iPad...
post #110 of 134
Quote:
Originally Posted by Tallest Skil View Post

Wait, do they? I genuinely don't know what people mean by "widgets" unless they're talking about those two-space things you sometimes see on Android phones. I just don't get the benefit of those over app icons that update to show you content (sort of like The Interface Formerly Known As Metro, but

Really? Yea, other phones have constantly updated material on them. Just like "widgets" that you apparently don't know about that are on OSX. So when you swipe up on your track pad to see your "widgets", that's what people have on their phones now.

Trust me I get called out on that all the time. Somehow it's turned into a 'pick up' line.

Edit: swipe right. I changed mine because of multi monitors (which has been seriously messed up with Mountain Lion)
Edited by Vadania - 8/20/12 at 1:42am
post #111 of 134
Quote:
Originally Posted by lightknight View Post

What's wrong with the sixth iPhone being called iPhone 5 really? As long as it just works? What I can tell you is I was talking phones (and perfume, but it's unrelated) with a group of girls Saturday and they all are waiting for iPhone 5...

Very true. Almost everyone I speak with is looking forward to iPhone 5. Also, women my age don't care. They don't use it for anything other than texting and the occasional call. Most people do not know it syncs with your playlists, contacts or anything else. I tell my friends "buy it from Apple and you will have everything on that phone on a phone like mine". (meaning all their contacts. They are all worried about losing the number from the guy they slept with last night)

Apple could call it whatever they want.
post #112 of 134
Quote:
Originally Posted by Vadania View Post

He is not a god, because god does not exist. (I say he based on previous posts)
Don't bring that word (god) into a tech site/discussion.
Also if god did exist, she would almost certainly be a woman.

No, Jesus was definitely an Irish male:
- He lived with his mother
- He had 12 drinking buddies
- His mother thought he was God.
Quote:
Originally Posted by lightknight View Post


The problem, as Apple stated, lies with the SMS specification. However, unless you're texting to another iPhone which has iMessage, you can't use iMessage.
The "solution" probably is to type in numbers by hand/selection from address book.

That doesn't solve anything. Even if you use your address book, you know that the numbers you are sending to are legitimate. The problem is identifying whether a RECEIVED message is spoofed - and typing in your numbers manually does nothing to address that problem.
"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
post #113 of 134
Quote:
Originally Posted by lightknight View Post

Quote:
Originally Posted by muppetry View Post

The "vulnerability" is inherent in the SMS specification, but currently only manifests itself on iOS devices, because iOS is the only platform that ignores the sender phone number if a reply-to number is specified. A fix is within Apple's power - the iOS SMS app could be modified at least to display the sender number as well as the reply-to number. That would not change the SMS specification, but would alert an iOS user that a spoof may be occurring.


Hmmm, that's a very interesting post. It would definitely make the problem lie with Apple, even though, of course, the spec is still insecure.

Yes - but note also jragosta's point that this is somewhat moot, since most spoofers would spoof the "From" field, rather than the "Reply-To" field, and there is nothing anyone can do to fix that.
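
The display-side fix proposed in the quoted post (show the sender number as well as the reply-to number, and flag a difference) can be sketched as follows. This is an added example, not part of any post in the thread and not Apple's code; it assumes the thread's "From" and "Reply-To" correspond to the originating address and the User Data Header "Reply Address Element" (IEI 0x22) of 3GPP TS 23.040, and the function names and sample bytes are constructed for illustration.

```python
# Added example (not from the thread). Sample bytes below are constructed.
REPLY_ADDRESS_IEI = 0x22  # "Reply Address Element" in 3GPP TS 23.040


def decode_address(field: bytes) -> str:
    """Decode an address field: digit count, type-of-address, swapped BCD."""
    if len(field) < 2:
        raise ValueError("address field too short")
    digit_count, type_of_number = field[0], (field[1] >> 4) & 0x07
    body = field[2:]
    if len(body) != (digit_count + 1) // 2:
        raise ValueError("address length does not match its digit count")
    if type_of_number == 0x05:  # alphanumeric sender name, not decoded here
        return "<alphanumeric>"
    # Each octet holds two digits, low nibble first; 0xF pads an odd count.
    digits = "".join(f"{b & 0x0F:x}{b >> 4:x}" for b in body)[:digit_count]
    return ("+" if type_of_number == 0x01 else "") + digits


def parse_udh(udh: bytes) -> dict:
    """Split a User Data Header (without its length octet) into {IEI: data}."""
    elements, i = {}, 0
    while i < len(udh):
        if i + 2 > len(udh):
            raise ValueError("truncated information element")
        iei, length = udh[i], udh[i + 1]
        data = udh[i + 2 : i + 2 + length]
        if len(data) != length:
            raise ValueError("information element overruns the header")
        elements[iei] = data
        i += 2 + length
    return elements


def sender_display(originating: bytes, udh: bytes = b"") -> dict:
    """Always show the originating address; warn when replies go elsewhere."""
    origin = decode_address(originating)
    raw_reply = parse_udh(udh).get(REPLY_ADDRESS_IEI)
    reply = decode_address(raw_reply) if raw_reply is not None else origin
    return {"shown_as": origin, "replies_go_to": reply, "warn": reply != origin}


# Constructed sample: originating +12025550101, reply address +12025550199.
SAMPLE_FROM = bytes.fromhex("0b912120550501f1")
SAMPLE_UDH = bytes.fromhex("22080b912120550591f9")

if __name__ == "__main__":
    print(sender_display(SAMPLE_FROM))
    print(sender_display(SAMPLE_FROM, SAMPLE_UDH))
```

The warning only covers a reply address that differs from the originating address; it says nothing about whether the originating address itself is genuine, which is the point other posters in the thread raise.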
post #114 of 134
Quote:
Originally Posted by dagta View Post

I love iMessage, but many messages have to be sent as SMS, and it seems to be random when it works and when it doesn't. Most of the time it works, but I will say that it doesn't about 10-15% of the time. Both sender and receiver have wifi and iPhone 4S. Even worse is pictures ("MMS") which 95% of the time doesn't work with iMessage. I've experienced it taking 15 minutes to send 3 pictures with iMessage on a 12MBit/s wifi. Using real MMS sending the same pictures takes about 15 seconds. But the real problem here is that most of the time it doesn't work at all. I'm from Norway and I have normal 3G and wifi without other problems.

So why exactly do you "love" it?   

post #115 of 134
Quote:
Originally Posted by JohnnyW2001 View Post

This IS an Apple/iPhone issue.
There's a lot of weird misinformation in this thread, so let me clear it up: When you send an SMS message, you have two fields. FROM and REPLY-TO. You can only alter the REPLY-TO, and not FROM. The problem is that the iPhone hides the FROM (which is correct) and replaces it with the REPLY-TO field if it's present. It's a really dumb thing to do, and it's entirely a decision by Apple. (Other phones may do this, too, but that's completely beside the point - it's entirely up to the software developer.)
Also, it's not a "vulnerability" in the SMS system, as the REPLY-TO field is designed to be filled with whatever the user wants... but it's known that this information could be false, so it's supposed to be used as a request by the sender. As in, "Yes, I know this message was sent from X, but it would be better for me if you replied to Y. Thanks".
Anyone suggesting everyone use iMessage is beyond idiotic for all the obvious reasons people have pointed out. A simple tweak to iOS so that messages are only ever seen to be coming from the FROM field would fix the issue.
Hopefully the final version of iOS 6 will fix this issue.

No, it is an SMS problem - it's exactly the same problem that plagues SMTP but you don't see people throwing bricks at Microsoft's house over Outlook. I've owned loads of phones (both feature and smart) including the iPhone and I've gotten spoof SMS messages on all of them. Whether or not the reply-to field is present and is or is not removing the From field from the user's view is irrelevant - if "Reply-To" is set, it will reply to that address, if it's not, it will use the address in the "From" field - who you are replying to (and therefore who you are potentially giving money by texting) is far more important than the automated spam bot that processed it. On the iPhone and Windows Phone 7 (to name two) where the message came from is clearly displayed in the list of message threads anyway in big bold letters! But that is also irrelevant because the From field can be spoofed as well and it's alarmingly easy. All I have to do is write the following in the header section of an SMS message before sending:

From: <number>

The problem lies with the carriers who should implement spam checking on SMS messages before they are delivered to your inbox.

The only thing Apple are guilty of right now is using the already present scare mongering media drivel to dupe thick-headed yahoos into using iMessage with the weak excuse of "ish sayfur".

Disclaimer: I use a Windows Phone

EDIT: You also stated that the Reply-To field is supposed to be filled by the user. No, it isn't. The nature of SMS does not allow that. You have three options: Delete, Forward or Send. Technically, in SMS, there is no such thing as a Reply function - There is nothing to show if a message is a response to a previous one. The only thing you have to go on is the originating user - this is how threads are organised on any phone.


Edited by benanderson89 - 8/20/12 at 6:52am

... at night.

post #116 of 134
So is the problem lying with Apple or not in the end?

Social Capitalist, dreamer and wise enough to know I'm never going to grow up anyway... so not trying anymore.

post #117 of 134
Quote:
Originally Posted by benanderson89 View Post

No, it is an SMS problem - it's exactly the same problem that plagues SMTP but you don't see people throwing bricks at Microsoft's house over Outlook.

People ARE throwing bricks at MS over Hotmail though ^^

Social Capitalist, dreamer and wise enough to know I'm never going to grow up anyway... so not trying anymore.

post #118 of 134

Found the guy who uses the word "Yahoo".

Quote:
Originally Posted by benanderson89 View Post

thick-headed yahoos

Social Capitalist, dreamer and wise enough to know I'm never going to grow up anyway... so not trying anymore.

post #119 of 134
Quote:
Originally Posted by jragosta View Post


This is absolutely false. You can also spoof the 'from' field:
http://www.youspoof.info/textSpoofing.html
"For example the sender could specify that the recipient's caller ID shows an incoming message is from "The Pope" and the text message reads "Repent!""
or:
http://spoofsms.net
"You can put ANY mobile number or alphanumeric character in the "From" field when sending a message."
Please stop spreading lies. It's bad enough when all the usual trolls here spread FUD, but you created a new account specifically to post something that's totally false? That's really sad.
The fact is that there's nothing at all in this that is iOS specific and it can affect EVERY SMS user. The only exception is if you're using iOS and iMessage, you have some warning.
The really amazing thing is that even though this flaw affects everyone, if you search for 'sms spoof', you have to get near the end of the third page before you find even a single hit that doesn't present it as an iOS flaw.

 

I'm sorry but you're entirely incorrect. The issue was raised by a blogger called pod2g, and that's the issue I described. It's also the issue that AppleInsider reported about, and it's the issue which Apple themselves are responding to.

 

You can read the original blog post here: http://pod2g-ios.blogspot.co.uk/2012/08/never-trust-sms-ios-text-spoofing.html

You can read AppleInsider's original news post here: http://www.appleinsider.com/articles/12/08/17/hacker_discovers_iphone_sms_spoofing_issue_asks_apple_to_fix_for_ios_6.html

And you can read Apple's original statement to Engadget, which makes reference to this REPLY-TO field issue: http://www.engadget.com/2012/08/18/apple-responds-to-iphone-text-message-spoofing/

 

This is nothing to do with the SMS standard.

 

Once again, this is entirely Apple's fault.

post #120 of 134

On an unrelated note: It's also worth pointing out that Email has many anti-spam and verification processes. I'm not entirely sure why everyone is regurgitating the nonsense that it doesn't. Technologies like DKIM and Domain Keys, as well as server blacklists, have been verifying the origin servers for years.
