Apple urges users to stick with iMessage to avoid iPhone SMS spoofing
Apple on Saturday officially responded to reports that its latest mobile operating system remains vulnerable to text message spoofing, recommending that customers use its more secure iMessage service instead.
A hacker on Thursday drew headlines when he urged Apple to plug a hole in iOS that could allow malicious individuals to send text messages that appear as if they're coming from someone else.
Like other mobile operating systems, iOS SMS messages support transmission of optional, advanced features in the header section of text messages, including a "reply to" address. Since most wireless carriers don't perform verification checks on these header specifications, incoming SMS messages to iPhones could be manipulated to appear as if they're coming from the "reply to" address and not the actual sender.
In a statement obtained by Engadget, Apple reminds customers that its iMessage service was designed to safeguard against the vulnerabilities of the yesteryear Short Message Service (SMS):
Introduced by Apple in June of 2011 as an alternative to SMS messaging, iMessage allows users to send texts, photos, videos, contact information, and group messages over Wi-Fi or 3G to other iOS?5 users. It's accessible through the Messages app on an iPhone, iPad, or an iPod touch running iOS 5 or later or on a Mac running OS X Mountain Lion or later.
A hacker on Thursday drew headlines when he urged Apple to plug a hole in iOS that could allow malicious individuals to send text messages that appear as if they're coming from someone else.
Like other mobile operating systems, iOS SMS messages support transmission of optional, advanced features in the header section of text messages, including a "reply to" address. Since most wireless carriers don't perform verification checks on these header specifications, incoming SMS messages to iPhones could be manipulated to appear as if they're coming from the "reply to" address and not the actual sender.
In a statement obtained by Engadget, Apple reminds customers that its iMessage service was designed to safeguard against the vulnerabilities of the yesteryear Short Message Service (SMS):
"Spoofed" SMS messages can include anything from a spam to phishing attempts at personal information. The weakness flaunted by the SMS specification is similar to vulnerabilities in the standard email specification, which similarly does not authentic the names and addresses in header data.Apple takes security very seriously. When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks. One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they're directed to an unknown website or address over SMS.
Introduced by Apple in June of 2011 as an alternative to SMS messaging, iMessage allows users to send texts, photos, videos, contact information, and group messages over Wi-Fi or 3G to other iOS?5 users. It's accessible through the Messages app on an iPhone, iPad, or an iPod touch running iOS 5 or later or on a Mac running OS X Mountain Lion or later.
Comments
Are other smartphones immune from this SMS issue? Is it iPhone-specific? (Some statements imply that this is not an iPhone issue at all, just a carrier issue.)
Too bad iMessage is messed up! I had to turn mine off. It was taking up to an hour for a message to send with a full signal. Half the time it would make me send as a text anyway.
It started working really good when i had my 3GS and when I first got my 4s... but the last couple of months the service has totally sucked. I am not the only one in my area who is complaining.
Even when using Wi-Fi... it sucks!
Numerous calls to AT&T and Apple have been of no help. So, I just turned off iMessage and have zero problems sending and receiving texts.
If they would acknowledge and fix the problem, I would definitely use it.
I love iMessage, but many messages have to be sent as SMS, and it seems to be random when it works and when it doesn't. Most of the time it works, but I will say that it doesn't about 10-15% of the time. Both sender and receiver have wifi and iPhone 4S. Even worse is pictures ("MMS") which 95% of the time doesn't work with iMessage. I've experienced it taking 15 minutes to send 3 pictures with iMessage on a 12MBit/s wifi. Using real MMS sending the same pictures takes about 15 seconds. But the real problem here is that most of the time it doesn't work at all. I'm from Norway and I have normal 3G and wifi without other problems.
"In response, AT&T has stated that to use iMessage, users must pay $10 more per month."
Yeah, iMessage should work really well, to my mother's 4 year old cell phone. #LowestCommonDenominator-LikeFaxandSMTP.
iMessage has always worked very well for me. I love it. I recommend it to everyone with an iPhone.
Cool solution, I'll just buy an iPhone for family, friends, and anyone else I might communicate with.
Quote:
Originally Posted by 28jp
Too bad iMessage is messed up! I had to turn mine off. It was taking up to an hour for a message to send with a full signal. Half the time it would make me send as a text anyway.
It started working really good when i had my 3GS and when I first got my 4s... but the last couple of months the service has totally sucked. I am not the only one in my area who is complaining.
Even when using Wi-Fi... it sucks!
Numerous calls to AT&T and Apple have been of no help. So, I just turned off iMessage and have zero problems sending and receiving texts.
If they would acknowledge and fix the problem, I would definitely use it.
iMessage works well. Too bad you comment and don't specifically detail how you come to that comment's conclusion.
No, as I mentioned in the original thread, this issue predates the iPhone and is in fact related to the SMS specification itself. Yesterday's headlines were maliciously misleading and I truly think there should be legal consequences for that.
Quote:
Originally Posted by nagromme
Are other smartphones immune from this SMS issue? Is it iPhone-specific? (Some statements imply that this is not an iPhone issue at all, just a carrier issue.)
I don't know that it's a vulnerability, in the same sense that the postal service is vulnerable to "spoofing" of return addresses. I assume that if all phones can receive SMS, all phones are equally vulnerable.
It's an SMS problem, not an iPhone-specific problem…
It would be great if I could iMessage my Android and other non-iOS buddies… but, alas...
Quote:
Originally Posted by mdriftmeyer
iMessage works well. Too bad you comment and don't specifically detail how you come to that comment's conclusion.
iMessage is temperamental at best. Too bad you don't read before reacting...
Quote:
Originally Posted by 28jp
It was taking up to an hour for a message to send with a full signal. Half the time it would make me send as a text anyway.
Originally Posted by Crowley
iMessage is temperamental at best. Too bad you don't read before reacting...
For him. I've not read that anywhere else.
While ATT encourages potential customers to go with samsung so that they will get to charge for the message service.
Maybe there is something I don't understand ... Using iMessage doesn't mean one can simply ignore SMS texts. So how does that eliminate text scams/spams?
Quote:
Originally Posted by NormM
Apple should make it more apparent that when you send a text between iOS devices, you automatically use iMessage. Just telling people to use iMessage when they aren't aware it's an automatic action isn't helpful! Messages that are blue in the Messages app use iMessage and are secure. Messages that are green are using SMS and cost you extra and are insecure.
I thought the same thing. Here there was a fantastic opportunity to blow their own horn and advertise iMessage a bit more (most don't know it exists given that the icon is for SMS), yet they chose to be typically brief instead. Wasted their chance.
Quote:
Originally Posted by tylerk36
While ATT encourages potential customers to go with samsung so that they will get to charge for the message service.
Sammy operates an iMessage equivalent called ChatON.
Quote:
Originally Posted by logandigges
I like iMessage. But not everyone has an iPhone or Mac or iPad or iPod touch. We need a real solution, Apple.
A Windows iMessage client would help a lot but if someone is SMS'ing from an old phone there isn't much you can do. I don't understand what else you would expect from a "real solution."
SMS is inherently insecure and inherently expensive. Apple is trying to move people away from it by offering an extremely secure, free client that integrates seamlessly with the old SMS as well as a lot of IM clients.
This seems like the best possible strategy to me.