"Apple takes security very seriously. When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks. One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they're directed to an unknown website or address over SMS."-Apple's statement
It was just Friday when we told you about a flaw discovered in the way iOS handles SMS messages
. Advanced SMS functions can be accessed by those playing around with the UDH (User Data Header) section of a text message. One serious function would allow a hacker to change the reply-to path to another number. Information meant for someone via reply text could end up in the hands of someone itching to get his hands on your personal information
. A spoofed message could appear to be coming from your bank, when it reality it's coming from Joe Hacker who will sell your social security number and other confidential information for big bucks.
Apple's response was, well, typical Apple. Instead of creating a fix for this problem in iOS 6 while there is time (one suggested idea was to have a text message come with both the original and reply-to addresses visible), Apple took this as an opportunity to promote its iMessages application by saying that it verifies addresses
which will protect the user from getting spoofed.
The Cupertino based tech giant didn't finish its response without stating that SMS allows spoofed messages over any phone and suggests that SMS users be careful to make sure that they aren't being directed to an unknown website or address over SMS.