Apple Pitches Security of iMessage in Response to SMS Spoofing Issue

[Shade12]

It's not a flaw in SMS. Apple needs to enhance their app.

The problem is not that there is an optional SMS header that gives a different reply-to number, it's that Apple reportedly displays only that number and doesn't display the originator number as well.

In other words, an evil site could send you an SMS with a reply-to number that matches someone or place known to you. Since the iPhone only displays that instead of the evil originator, you might be inclined to trust any link or other info... because you (falsely) believe the origin was friendly.

Hello there so are you electronic enginner ? Reason I'm asking cuz I want to be a computer engineer is computer enginner better than electronic enginner ? Or it support like computer support is better. Thanks

 

[Lark.Landon]

Wow, read through the first 20 comments or so and all I hear is, " Wahhh! Fix it, fix it! YouR LaMe aPpLe! Bull#### response! Your product sucks! "

Move on to AndroidRumors.com if you're so pissed off.

 

[NedBookPro]

If only iMessage was actually reliable! I absolutely love sending messages out and having them hang for five minutes before they decide to send as SMS. Or receive duplicate messages because I receive both an iMessage and SMS version at the same time!

I also enjoy when I'm chatting with people overseas via iMessage and one decides to come in as SMS. Thanks for that charge!

This happens over WiFi and 3G, for me and the other people. Multiple people.

I love the iMessage concept but it needs work.

Yup. iMessage is somehow broken.
If someone has iMessage enabled, and only uses it on wifi (because they have no 3G data), when they move out of the wifi zone, iMessage doesn't appear to change mode to SMS at their end.

Someone was waiting for an SMS/message from me for hours without getting it. The only way they could recieve it was when I turned imessage off and forced it into SMS mode on my phone.

iMessage buggy/broken/half-baked... Apple please fix.

Is it just me? or are we no longer able to say "it just works" for a lot of apple software lately.

----------

Wow, read through the first 20 comments or so and all I hear is, " Wahhh! Fix it, fix it! YouR LaMe aPpLe! Bull#### response! Your product sucks! "

Move on to AndroidRumors.com if you're so pissed off.

If it's broken, then it should be fixed right? (I'm talking generally, not about the sms spoofing issue)

I'm not aware of too many people willing to pay upward to $1000 for a device that does not work as intended. imessage is definitely broken.

And yes - it's frustrating - especially when one does expect perfection from apple as it nearly always was in the past few years. Lately it's been slipping.

I'm happy to pay premium for a product. So long as the product *IS* premium.

 

[The Phazer]

They may not be open source but when Apple announced FaceTime they said they were happy to license it to anyone that wanted to use it because they wanted it to become a standard on video communication.

So the issue might be that no one has taken them up on the offer

Apple didn't say that at all. Apple said that it was an open standard, that they were submitting to the relevant standards bodies. "Starting tomorrow" were Jobs' exact words.

They didn't. The notion licences are available is laughable.

Hyperbolic much. The 'hack' involved google, Amazon and user stupidity before Apple ever played a role

No, it's not hyperbolic at all.

And if your security system relies on users not being stupid, then it's already failed.

 

[usarioclave]

Yeah right

Come on Apple, just write a simple routine that alerts the user when the sender and the 'reply-to' don't match. Then the user is informed and can choose for themselves what they want to do. Problem solved.

Until you find out that every SMS that goes through one provider or another has a different sender number. Great, you've now screwed your users.

SMS has had this from day 1 and nobody has cared. Why is today different?

 

[Truffy]

So they want to pitch there own service rather than fix the problem? ugh.

so then iMessage is more secure that SMS. OK, now what?

Given that iMessage is a proprietary Apple-specific protocol, it's of no use as a SMS replacement outside the walled garden. Apple's counter-argument is dumb and offensive.

 

[Bezetos]

iMessage is used automatically so what the hell is this suppose to mean?

----------

No. Translation: This is a flaw in SMS, don't go to sites linked from SMS or stick with iMessage.

This is the same limitation as current email setups. You can spoof the sender of an email to make it look like it's coming from anyone.

Other phones handle this better though, and this is the whole point.

----------

Wow, read through the first 20 comments or so and all I hear is, " Wahhh! Fix it, fix it! YouR LaMe aPpLe! Bull#### response! Your product sucks! "

Move on to AndroidRumors.com if you're so pissed off.

Apple product users have no right to complain!

Resistance shall be futile!

Buy, pay, spend!

Apple shall prevail!

 

[Abazigal]

Is this SMS issue unique to iphones, or can it be replicated on any phone?

If the latter, how come Apple is solely receiving flak? What are the other companies doing to remedy this problem?

 

[Truffy]

Other phones handle this better though, and this is the whole point.

Is this SMS issue unique to iphones, or can it be replicated on any phone?

If the latter, how come Apple is solely receiving flak? What are the other companies doing to remedy this problem?

From the OP: "While SMS spoofing is certainly not new and can be performed through various services, this specific issue in the handling of reply-to addresses could be addressed fairly easily by Apple."

So it appears that SMS vulnerabilities are not peculiar to Apple, but they could address it in part themselves. But they'd rather we all just played in the walled garden with iMessage.

 

[GoCubsGo]

Except that not everyone I message has an iPhone. So there's that, Apple.

 

[MvdM]

What's the next commonly used technology after Flash and SMS that will be dissed by Apple? USB?

 

[foodog]

How can they fix the problem if the From address is not sent from iOS properly? iOS sends that data in fields. I can easily spoof in email and I'm guessing the process is similar.

You realize the issue is more than just IOS device right?

 

[ncaissie]

You realize the issue is more than just IOS device right?

Of course I do. But Apple can take the lead and fix this on their iOS.
Maybe Google will copy them again.

 

[JAT]

No, it's not hyperbolic at all.

And if your security system relies on users not being stupid, then it's already failed.

That's just ridiculous. Where are you going to draw the line? When do we stop relying on other people (or companies, govts) to make sure nothing happens to us? This is about phishing scams, not 1980s computer viruses.

 

[usarioclave]

How do other phones do it?

Other phones handle this better though, and this is the whole point.

How do other phones handle this? Can you give two examples?

 

[macmagician]

FYI this app does sms over internet end to end encryption and has most platforms covered, http://www.whatsapp.com

 

[Tinmania]

FYI this app does sms over internet end to end encryption and has most platforms covered, http://www.whatsapp.com

It does not do sms over the Internet. It is just another messaging service like yahoo messenger and countless others.




Michael