The iPhone, not mobile network operators, is responsible for a vulnerability in the handset's SMS feature, a mobile security company said Thursday.
AdaptiveMobile commented on a researcher's finding in a blog that a flaw in the iPhone could allow crooks to exploit users via text messaging by, for instance, misrepresenting the origin of a message. The iPhone SMS client, if misused, displays an address or phone number that differs from the message's actual origin, AdaptiveMobile said. In other words, an iPhone user might be fooled into believing a message is coming from a friend or known business and inadvertently share sensitive information like bank records with a criminal.
AdaptiveMobile said it performed tests on competing phones – including Android, Windows Mobile, BlackBerry and Symbian handsets – and found that most handsets "simply ignore the 'reply address' field or display both the 'real' originating address and the reply address as per the specification recommendations."
"The iPhone, so far, is the only device which does not comply with these security recommendations," AdaptiveMobile said.
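As an added illustration (not code from AdaptiveMobile, Apple or the original article), the Python example below shows the receiving-side behaviour AdaptiveMobile describes as compliant: the network-supplied originating address is always displayed, and a differing reply address is shown next to it rather than in its place. It assumes the reply address arrives as a user data header information element with identifier 0x22, encoded as a standard SMS address field per 3GPP TS 23.040; the function names, phone numbers and header bytes are constructed for this example.

```python
REPLY_ADDRESS_IEI = 0x22  # assumption: Reply Address Element id in 3GPP TS 23.040

def decode_address(field: bytes) -> str:
    """Decode an SMS address field: digit count, type-of-address, swapped BCD."""
    if len(field) < 2:
        raise ValueError("address field too short")
    n_digits, toa, body = field[0], field[1], field[2:]
    if (n_digits + 1) // 2 != len(body):
        raise ValueError("address length mismatch")
    # Each octet holds two digits, low nibble first; 0xF pads an odd count.
    digits = "".join(f"{b & 0x0F:X}{b >> 4:X}" for b in body)[:n_digits]
    if not digits.isdigit():
        raise ValueError("non-numeric address not handled in this example")
    international = (toa >> 4) & 0x7 == 1
    return ("+" if international else "") + digits

def find_reply_address(udh: bytes):
    """Walk the header's information elements; return the reply address or None."""
    if not udh or udh[0] != len(udh) - 1:
        raise ValueError("header length octet does not match")
    i = 1
    while i + 2 <= len(udh):
        iei, iedl = udh[i], udh[i + 1]
        data = udh[i + 2 : i + 2 + iedl]
        if len(data) != iedl:
            raise ValueError("truncated information element")
        if iei == REPLY_ADDRESS_IEI:
            return decode_address(data)
        i += 2 + iedl
    if i != len(udh):
        raise ValueError("trailing bytes in header")
    return None

def sender_line(originating: str, udh: bytes = b"") -> str:
    """Text for the message header: the real originator is never replaced."""
    try:
        reply = find_reply_address(udh) if udh else None
    except ValueError:
        return f"{originating} (malformed header ignored)"
    if reply is None or reply == originating:
        return originating
    return f"{originating} (replies requested to {reply})"

# Constructed sample: a concatenation element followed by a reply address element.
SAMPLE_UDH = bytes.fromhex("0F00035A020122080B915155214365F7")

if __name__ == "__main__":
    print(sender_line("+15550100999", SAMPLE_UDH))
```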
Apple has responded to the concerns.
"Apple takes security very seriously," the company said in a statement to Information Week. "When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks. One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they're directed to an unknown website or address over SMS."
iMessage is Apple's unlimited texting service for the iPhone, iPad and iPod.