Apple admits the existence of a bug that compromises the security of SMS sent and received from iPhone and iOS devices: here is the suggested alternative.
A bug has been discovered in the security of sms via iPhone: the person who realized this was Pod2g, a famous hacker who raised the alarm.
Pod2g actually noticed that, whether sending or receiving sms, through iPhone and iOS devices it is possible to change the sending phone number, thereby falsifying the sender.
There is indeed the possibility to enter a new phone number in an optional field: by doing so, the system actually transmits this number as the main sender of the sms, without showing the real phone number from which the communication started.
A big headache for Apple device security: exploiting this flaw, malicious actors could start sending fraudulent sms hiding behind the credentials of contacts actually in the address book, perhaps adding links in the text that lead to webpages specially designed to steal important personal data.
All this happens without the need to download special apps or dedicated tools: the possibility is inherent in the devices themselves.
It is hoped that the situation can be reversed with the release of iOS 6, also because the discoveries of hacker Pod2g did not stop at the just described mechanism: it has emerged that this flaw has been present since the first version of Cupertino’s operating system, so for at least 5 years.
In short, this potentially dangerous situation has never been remedied.
Once the issue became public, Apple decided to communicate a possible solution via press release: the bug is admitted and caution is recommended.
It is further noted that the possibility to change the sender number is anyway present in any existing User Data Header.
However Pod2g points out that in other cases both phone numbers indicated are displayed, while on iOS devices only one.
The solution according to Cupertino does not seem to relate to closing the security flaw but as an alternative: using iMessage, a system that is subject to more controls, since it was developed directly by Cupertino’s labs.
A solution that leaves a bitter taste, first because it seems that Apple wants to admit the problem but at the same time does not want to fully take charge of fixing it.
Secondly, it is worth noting that iMessage may perhaps be an optimal solution for owners of iOS devices wishing to communicate with other iOS device owners or with OS X Mountain Lion: the functionality is not indeed supported with devices running other operating systems.
A half solution then, which one hopes will instead see a complete fix in the next iOS 6.
Be the first to comment