Apple has responded to pod2g’s discovery of a vulnerability in iOS that allows for spoofing of SMS messages, reports Engadget.
Here is Apple’s official statement:
Apple takes security very seriously. When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks. One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they’re directed to an unknown website or address over SMS.
While Apple is correct in noting that SMS does allow messages to be sent with a different reply-to address, it neglects to comment on why iOS does not let you see who you actually getting the message from.
Pod2g notes, “In a good implementation of this feature, the receiver would see the original phone number and the reply-to one. On iPhone, when you see the message, it seems to come from the reply-to number, and you loose track of the origin.”