Apple urges users to stick with iMessage to avoid iPhone SMS spoofing

24567

Comments

  • Reply 21 of 137
    tallest skiltallest skil Posts: 43,399member


    Originally Posted by Gazoobee View Post

    I thought the same thing.  Here there was a fantastic opportunity to blow their own horn and advertise iMessage a bit more (most don't know it exists given that the icon is for SMS), yet they chose to be typically brief instead.  Wasted their chance. 


     


    The icon doesn't say SMS anymore, though. Hasn't since they added MMS. If they changed it fully, people would scream that Apple took away SMS entirely.

  • Reply 22 of 137
    gazoobee wrote: »
    A Windows iMessage client would help a lot but if someone is SMS'ing from an old phone there isn't much you can do.  I don't understand what else you would expect from a "real solution."  

    SMS is inherently insecure and inherently expensive.  Apple is trying to move people away from it by offering an extremely secure, free client that integrates seamlessly with the old SMS as well as a lot of IM clients.  

    This seems like the best possible strategy to me.  

    By a real solution I mean a fix for the SMS spoofing so it's not just through iMessage that users are safe. We need it to be safe even if the person you are communicating with doesn't have an iPhone.
  • Reply 23 of 137
    gazoobeegazoobee Posts: 3,754member

    Quote:

    Originally Posted by dagta View Post


    I love iMessage, but many messages have to be sent as SMS, and it seems to be random when it works and when it doesn't. Most of the time it works, but I will say that it doesn't about 10-15% of the time. ...



     


    Quote:

    Originally Posted by 28jp View Post


    Too bad iMessage is messed up!  I had to turn mine off.  It was taking up to an hour for a message to send with a full signal.  ...



     


    Are you two in the same country?  I have never had a single report from anyone of iMessage not working or having any troubles like this.  The Mac client did some "interesting" things while in beta but I don't believe I've ever heard of anyone having trouble using it on an iOS device before.  Your problem is so unique and so identical from post to post that I'd almost think you were the same person posting twice.  

  • Reply 24 of 137


    I'm not surprised, to be honest. I've gotten spam messages like that on almost every phone I've owned, both feature and smart.


     


    SMS is like email in that its just a plain text file and it is embarrassingly easy to spoof. All you need is a UNIX system (Mac, Linux, AIX, HPUX, BSD and so forth), make sure the SMTP software is properly configured and then write whatever you want in a plain text file to send as an email.


     


    All you need is three commands



     


     


    Contents of the "spoof.txt" file:



     


    And there we go, one email in my inbox supposedly from Apple.



     



     


    I put the wrong format address in the "To" field - but you get the idea. Its the same story with SMS - just a couple of header fields in plain text.

  • Reply 25 of 137
    gazoobeegazoobee Posts: 3,754member

    Quote:

    Originally Posted by logandigges View Post





    By a real solution I mean a fix for the SMS spoofing so it's not just through iMessage that users are safe. We need it to be safe even if the person you are communicating with doesn't have an iPhone.


     


    I think what Apple is saying here between the lines is that despite the alarmist judgemental reports blaming Apple that it's an issue with how the carrier deals with SMS (they fail to authenticate it), and that it is therefore out of their control.  


     


    I really wish they had explicitly spelled this out however.  A golden opportunity to educate it's users has been missed here.  

  • Reply 26 of 137
    gazoobee wrote: »
    I think what Apple is saying here between the lines is that despite the alarmist judgemental reports blaming Apple that it's an issue with how the carrier deals with SMS (they fail to authenticate it), and that it is therefore out of their control.  

    I really wish they had explicitly spelled this out however.  A golden opportunity to educate it's users has been missed here.  

    I agree, I think al co.'s should do this.
  • Reply 27 of 137
    jragostajragosta Posts: 10,473member
    I like iMessage. But not everyone has an iPhone or Mac or iPad or iPod touch. We need a real solution, Apple.

    How in the world is Apple supposed to fix an inherent SMS problem?

    The fact is that when an SMS message is sent, it may have a fake return address. How do you expect Apple to fix that?

    Now, if the message is sent by an iOS device, they can include the optional features which can provide some level of security, but only another iOS device will recognize them. So the result is the same - Apple can do something to secure iOS to iOS messages (and they've already done that). There's not a blasted thing they can do to secure non-iOS messages.
  • Reply 28 of 137


    Apple should just say that they are working on a solution - suggesting iMessenger is a viable solution to SMS is just idiotic.

  • Reply 29 of 137
    tallest skiltallest skil Posts: 43,399member


    Originally Posted by agramonte View Post

    Apple should just say that they are working on a solution - suggesting iMessenger is a viable solution to SMS is just idiotic.


     


    Thinking that Apple is the one that needs to be fixing anything or can be the one fixing anything is… 

  • Reply 30 of 137
    jragosta wrote: »
    How in the world is Apple supposed to fix an inherent SMS problem?
    The fact is that when an SMS message is sent, it may have a fake return address. How do you expect Apple to fix that?
    Now, if the message is sent by an iOS device, they can include the optional features which can provide some level of security, but only another iOS device will recognize them. So the result is the same - Apple can do something to secure iOS to iOS messages (and they've already done that). There's not a blasted thing they can do to secure non-iOS messages.

    I see the issue now. But I stil think we could fix it. SMS sucks. It needs to be reinvented with much better stuff. While they are reinventing it, might as well make it safe. And don't ask me who "they" are, cuz I have no idea.
  • Reply 31 of 137
    mdriftmeyermdriftmeyer Posts: 7,501member

    Quote:

    Originally Posted by Crowley View Post




     


    iMessage is temperamental at best.  Too bad you don't read before reacting...




     


    That's still not an answer, nim wit. Run a damn trace on your packet network and how it handshakes between your set up. Test it with WiFi, at home, at Hotspots and with Celluar [assuming you have the set up] and then study the bottle necks.


     


    Instead, you whine about it taking an hour with no substance to back it up.

  • Reply 32 of 137
    mdriftmeyermdriftmeyer Posts: 7,501member

    Quote:

    Originally Posted by benanderson89 View Post


    I'm not surprised, to be honest. I've gotten spam messages like that on almost every phone I've owned, both feature and smart.


     


    SMS is like email in that its just a plain text file and it is embarrassingly easy to spoof. All you need is a UNIX system (Mac, Linux, AIX, HPUX, BSD and so forth), make sure the SMTP software is properly configured and then write whatever you want in a plain text file to send as an email.


     


    All you need is three commands



     


     


    Contents of the "spoof.txt" file:



     


    And there we go, one email in my inbox supposedly from Apple.



     



     


    I put the wrong format address in the "To" field - but you get the idea. Its the same story with SMS - just a couple of header fields in plain text.



     


    You're using sendmail? Still?

  • Reply 33 of 137

    Quote:

    Originally Posted by mdriftmeyer View Post


     


    You're using sendmail? Still?



    Technically I'm using exim4 to send emails. The sendmail command parses the header information in the text file correctly as well. mailx and mail simply paste the contents of the text file as plain text into the message body.

  • Reply 34 of 137


    iMessages have never been a problem for me (or many, many clients). In fact they often seem faster than SMS. Love the Messages app in Mountain Lion too - same chat on my phone as my Mac.


     


    But really, if it's such a problem for some, why not just email from your phone instead? I often wonder why Americans & Europeans are so hooked on texting.

  • Reply 35 of 137
    vaelianvaelian Posts: 446member
    jragosta wrote: »
    How in the world is Apple supposed to fix an inherent SMS problem?
    The fact is that when an SMS message is sent, it may have a fake return address. How do you expect Apple to fix that?
    Now, if the message is sent by an iOS device, they can include the optional features which can provide some level of security, but only another iOS device will recognize them. So the result is the same - Apple can do something to secure iOS to iOS messages (and they've already done that). There's not a blasted thing they can do to secure non-iOS messages.

    I see the issue now. But I stil think we could fix it. SMS sucks. It needs to be reinvented with much better stuff. While they are reinventing it, might as well make it safe. And don't ask me who "they" are, cuz I have no idea.

    Dude, just realize this: the people who could potentially be interested in doing anything evil with this already knew of this a long time ago. I've known about this for over a decade, I had fun playing pranks on friends pretending I was the police a long time ago, this really old news to anyone with a basic knowledge of telecommunications, there is absolutely no reason to be afraid of it now. It's good to be aware, but it doesn't really need a solution, SMS is fine as it is.
  • Reply 36 of 137
    solipsismxsolipsismx Posts: 19,566member
    1) Remember when carriers used to let you send an SMS from their website to a phone?

    2) I stopped paying for SMS when iOS 5 was released and most of the people I know were on it. Can't say I miss it. Such a rip off.

    3) If I have any complaints with iMessages they are all mostly gone as of iOS 6 with the ability to choose which accounts it can send and receive and the better unification and syncing which may or may not be part of iOS 6 on the device. On iOS 6 on the iPad you can choose to receive iMessages from your iPhone's phone number. This is still not an option on ML. The benefit of this is that if someone sends an iMessage to your phone using your phone number you don't have to tell them to send using your @me.com address so you can get it on all your devices.


    PS: This is very minor but I'd not like that Messages icon to be blue.
  • Reply 37 of 137
    charlitunacharlituna Posts: 7,217member
    I like iMessage. But not everyone has an iPhone or Mac or iPad or iPod touch. We need a real solution, Apple.

    Apple can't really give you that solution because it is inherent in the SMS system. It's possible on all phones etc.

    In order to imessage from different OSes, the other side would have to approach Apple, license the code etc.
  • Reply 38 of 137
    vaelian wrote: »
    Dude, just realize this: the people who could potentially be interested in doing anything evil with this already knew of this a long time ago. I've known about this for over a decade, I had fun playing pranks on friends pretending I was the police a long time ago, this really old news to anyone with a basic knowledge of telecommunications, there is absolutely no reason to be afraid of it now. It's good to be aware, but it doesn't really need a solution, SMS is fine as it is.

    I actually like SMS, but it does suck, from a practical standpoint. And if we are talking security, it needs to be overhauled.
  • Reply 39 of 137
    wigginwiggin Posts: 2,265member


    What seems to be missing from this discussion is understanding about what is being spoofed. From the original article on AI, the spoofing is only on the Reply To address field, which is optional. Can the From field be spoofed, too? Also from the article, "This would apparently limit the audience of SMS spoofing largely to iPhone users" after referencing that iOS only displays the Reply To, not the From. This suggests that other phones us the From field because "not all phones support these [optional] features".


     


    So, if other phones safely use From and that can't be spoofed, and if the iPhone is vulnerable because it uses an optional spoof-able field, then yes, it is an iPhone problem that Apple should fix. Use From like everyone else (why on Earth would SMS ever legitamately need a different Reply To field anyway. Apparently nobody except scammer use it.


     


    Note: I'm making a lot of assumptions above. Haven't had time to dig into in more. Just wanted to throw it out there. If there is a safe From field that everyone else uses, then so should Apple.

  • Reply 40 of 137

    Quote:

    Originally Posted by 28jp View Post


    Too bad iMessage is messed up!  I had to turn mine off.  It was taking up to an hour for a message to send with a full signal.  Half the time it would make me send as a text anyway.


     


    It started working really good when i had my 3GS and when I first got my 4s... but the last couple of months the service has totally sucked.  I am not the only one in my area who is complaining.


     


    Even when using Wi-Fi... it sucks!


     


    Numerous calls to AT&T and Apple have been of no help.  So, I just turned off iMessage and have zero problems sending and receiving texts.


     


    If they would acknowledge and fix the problem, I would definitely use it.



    I never had the problems you've experienced. I have Verizon. Works great for me... even over wifi. Could be your phone or the at&t network.

Sign In or Register to comment.