After news of the iPhone's SMS security hole broke, questions were raised about the exploit's influence over competing OS's. Fortunately, it seems as if the text-messaging exploit in question is exclusive to Apple's popular smartphone.
According to Cathal McDaid of AdaptiveMobile, iOS is the only operating system that the security hole exists on. Called "phishing", the hole allows people to change the reply-to-address when they send you texts. The most frequently cited example of this technique's use is sending texts through a bank's phone number, asking for sensitive financial information.
The site attempted to use this flaw on Android, Windows Mobile, Blackberry, and Symbian, and found that they dodge the exploit by not showing the Reply-Address at all.
McDaid states, "any device, be it the iPhone or some other device, that displays the Reply-Address is opening itself up to malicious use, as the Specification clearly outlines."
In a statement to Engadget, Apple responds to the exploit, saying: "Apple takes security very seriously...When using iMessage instead of SMS, addresses are verified which protects against those kinds of spoofing attacks. One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they're directed to an unknown website or address over SMS."
While Apple reassures that iMessage is the safest way to text, SMS is required to communicate with phones operating on different OS's.
So the question remains: will Apple plug this security hole in the upcoming iPhone 5? All signs point to Apple taking a special interest in enhanced security measures, including the likely addition of fingerprint technology to protect iOS 6's digital transaction service, Passbook.
It remains to be seen whether or not Apple will take out the reply-address from the iPhone 5's SMS service, but one thing is clear: be as cautious as ever with your financial information.
- Contribute to this Story:
- Send us a tip
- Send us a photo or video
- Suggest a correction
