If you have an iPhone and you use it to communicate with people via SMS, here’s something that you will definitely want to take special note of. Earlier this month, Apple made an announcement that SMS is not a service that can be particularly trusted at this time.
This statement came after a popular “iPhone jailbreaking artist” sent a message out into cyberspace citing that due to a “flaw” that is currently in Apple’s implementation of SMS, there could be spoof SMS messages that are being sent out. More specifically, the error could provide internet scammers with the capability to phish a variety of websites under the “identity” of being a reputable financial institution or allow criminals to put inaccurate information directly into people’s phones. It could also allow an iPhone user to think that they are getting a message from someone that they trust, when it’s actually an individual who has hacked into their SMS account.
How this is able to happen is because text messages are converted into a format that is known as a Protocol Description Unit. It is what spells out all of the information that an SMS message needs to reach its final destination. One of the particular information types is called a User Data Header indicator; it is what allows the user to change the reply address of the message that they receive.
The challenge with an iPhone is that when the sender specifies their reply-to number in this format, the sender is unable to see the original number within the text message. This makes it fairly impossible for the recipient of the SMS to know if the message that they got was a legitimate one or just a spoof.
In response to this concern, Apple has publicly recommended that iPhone users go with their iMessage service rather than the SMS option that is available to them. This is because when iPhone users send a text via iMessage, the addresses are verified. Another word of caution that Apple offered was that the limitations of SMS actually allows messages with a spoofed address to be sent to virtually any phone, so customers should be extremely careful if/when they receive a message that tells them to go to an unfamiliar website or address while using SMS.
All of this information definitely doesn’t give the best SMS marketing, but Apple is exploring ways to correct the situation. A pretty obvious and simple solution would be to have iOs (Apple’s mobile operating system) display both the original and reply-to address in every message, so that if one of the addresses didn’t match, it could send an immediate alert to the user that something was not right.
The good news is that while all of this is getting figured out, according to an article posted on SMSSpoofing.com, the United States is not nearly as easy to spoof as some other countries. So, while iPhone users should definitely take the warning seriously, there is not a need to let it transition into paranoia.
Besides, we’ve all heard for years that we should be careful about what we put in print, anyway. This is just a heads up that “SMS-ing” should be included on the “print list”.