iPhones vulnerable to fake text message exploitation – Apple ignoring the threat

23/04/2015 Filed under IT

Due to a design problem with the iOS software that runs Apple’s iPhones, it is possible for an attacker to send fake text messages that appear to be from another phone number.
The technique know as “spoofing” or “smishing” (SMS phishing) means that an attacker can send text messages that appear to be from your bank, employer or any other trusted source, in an attempt to trick you into providing sensitive information.
Apple’s response to the vulnerability has been that iPhone users should use the iMessage functionality which is not affected by the problem.
Unfortunately as the iMessage functionality is only native to Apple products this isn’t a solution when communicating with people who use non-Apple phones that don’t have the iMessage app installed.
Consequently, the best approach for iPhone users is a healthy dose of scepticism when receiving text messages and to think twice about clicking links or sharing sensitive information via text messages.
As with emails, if you have the slightest suspicion that you may have received a fake text message, speak with the alleged sender of the message before clicking on any links, opening attachments or replying.