3 years, 3 months ago

Earlier today, we reported that iOS jailbreaker pod2g had found a vulnerability in iOS that allowed people to spoof the origin of an SMS text message. Pod2g pressured Apple to patch the issue, and advised that all users be wary of text messages they receive until Apple does something about this security flaw.

Now, Engadget has received a statement from Apple, in response to inquiries about this security issue. It reads as follows:

Apple takes security very seriously. When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks. One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they’re directed to an unknown website or address over SMS.

It seems that Apple is refusing to take any major action against this bug, and is simply stating that SMS uses a flawed system. It is possible we will see some change coming before iOS 6 is released, but for now it looks as though Apple has a clear stance on the issue. The do, however, recommend using iMessage, since their service verifies addresses for security’s sake. Overall, SMS security seems like it should be the responsibility of the carrier, rather than Apple.