It was only a matter of time before people uncovered security holes and vulnerabilities in Apple's iOS. After all, it's crazy popular. Tens of millions (maybe even hundreds) of fanboys and fangirls all over the world are head over heels over their iPhones and iPads, which makes the operating system an even more attractive target to hackers and cyber criminals.
Sort-of security researcher and jailbreak master (okay, so he's also a hacker) pod2g recently came across a security flaw in the iPhone's messaging system which would allow the abovementioned hackers to access and steal your info.
The hacker-slash-researcher explained that the vulnerability has been there since the iPhone was first released back in 2007. Pretty crazy that no one else has picked up on this until now, isn't it?
The flaw can be exploited for text message spoofing, which lets people with malicious intentions send messages to users in the guise of one of their contacts. They could then encourage the recipients to visit infected sites, or worse, send over their private information.
Even if you have iOS 6, your iDevice will still be prone to text spoofing. As pod2g explains it: "In a good implementation of this feature, the receiver would see the original phone number and the reply-to one. On iPhone, when you see the message, it seems to come from the reply-to number, and you lose track of the origin."
Crazy how a feature could actually make spoofed messages harder to trace.
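To make pod2g's point concrete, here is an added example (not code from pod2g or Apple) that puts the display behaviour he describes next to the "good implementation" that shows both numbers. The class, function names, simplified number normalizer and sample numbers are all assumptions made up for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass
class IncomingSms:
    origin: str               # sender number as delivered with the message
    reply_to: Optional[str]   # optional reply-to number set by the sender
    body: str

def normalize(number, default_cc="1"):
    """Digits-only form with country code, so formatting differences don't matter.
    Simplified on purpose: a real app would use a full phone-number library."""
    digits = re.sub(r"\D", "", number)
    if number.strip().startswith("+"):
        return digits
    if digits.startswith("00"):
        return digits[2:]
    return default_cc + digits.lstrip("0")

def label(number, contacts):
    """Contact name if the number is in the address book, else the raw number."""
    book = {normalize(n): name for n, name in contacts.items()}
    return book.get(normalize(number), number)

def naive_header(msg, contacts):
    """Behaviour described in the quote: the reply-to number replaces the sender."""
    return label(msg.reply_to or msg.origin, contacts)

def careful_header(msg, contacts):
    """Always show the origin; show the reply-to and flag it when it differs."""
    header = {"from": label(msg.origin, contacts), "reply_to": None, "warn": False}
    if msg.reply_to and normalize(msg.reply_to) != normalize(msg.origin):
        header["reply_to"] = label(msg.reply_to, contacts)
        header["warn"] = True
    return header

# Constructed sample data (fictional numbers, not from the original post).
CONTACTS = {"+1 202 555 0143": "Alice"}
SPOOFED = IncomingSms("+44 7700 900123", "(202) 555-0143", "Hi, open this link")
HONEST = IncomingSms("+1 202 555 0143", "(202) 555-0143", "Running late")

if __name__ == "__main__":
    for m in (SPOOFED, HONEST):
        print(naive_header(m, CONTACTS), careful_header(m, CONTACTS))
```

With the naive header both messages look like they came from "Alice"; the careful header keeps the real origin on screen and only warns when the two numbers genuinely differ, not when they are the same number typed in a different format.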
Apple has since responded to these reports, stating: "One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they’re directed to an unknown website or address over SMS."
Well, that's not very helpful. But in any case, here are a couple of things you should remember:
- If you get a weird or suspicious-sounding message, call the person who sent it to you so you can clarify things without responding to the text message.
- If you get messages containing unknown links, ignore them. (Or again, call the person.)
- If you get messages asking you for information (or weird, random stuff), don't reply with the requested info but instead ask why they're asking (or verify the sender's identity or intent by, again, calling them).
- When in doubt, just call the sender and get it over with.