It has just recently come to light that the iPhone’s iOS contains what is being referred to as a “severe” security flaw in its SMS system according to an iPhone jailbreak developer who goes by the name of “Pod2g.” Apparently this gaping hole in Apple’s security system allows for text messages to be sent to iPhone’s while side stepping Apple’s security network.
Pod2g explains that in iOS 6 beta 4, where he found the security hole, there is flaw that could permit would-be thieves or scammers to send you a message from say, your bank account, asking to use your information with malicious intent. Why is this a big deal when it’s only a beta? Because this hole already exists. And Pod2g is insistent in his belief that himself, other developers, and cyber criminal groups are already aware of the flaw, and therefore could already be exploiting it.
Basically the way it works, is this security flaw allows for the header that you see on top of your text messages that says “mom” or “dad” or “Bob” to be changed to represent a header from someone who could be phishing for your information. Say you get a text message and the header says “Wells Fargo” or “Bank” or maybe “State Farm.” While not everyone would fall for this, money is still made every year from phishing scams.
The response from Apple doesn’t exactly have the major carriers rallying around them. This week an Apple spokesperson said.
“Apple takes security very seriously. When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks. One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they’re directed to an unknown website or address over SMS.”
So you hear that? Cancel your texting plans and upgrade to (at least) iOS 5. iMessage allows you to text any other iOS device for free.
Until the hole can be closed be wary of suspicious websites sent to you via text or of any text messages from people you don’t know.