A hacker claims that the Apple's iPhone is vulnerable to text message spoofing. The vulnerability exists since the beginning of the implementation of SMS in the iPhone, and is still there in iOS 6 beta 4.
The issue lies in the header of a SMS message, which includes both the originating number of the message and a reply-to number. The iPhone only displays the reply-to number and loses track of the originating number, which creates a few possible problems:
According to pod2g, this issue could allow scammers to send people to phishing websites under the guise of a financial institution, or allow criminals to plant spoofed messages as false evidence on other peoples’ phones. It also opens up other types of manipulation where the recipient thinks a message is coming from a trusted source.
After a hacker revealed the vulnerability earlier this week, Engadget received this response from Apple on the matter:
"Apple takes security very seriously. When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks. One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they're directed to an unknown Web site or address over SMS."
