Mobile
Commentary
8/20/2012
10:40 AM
Eric Zeman
Eric Zeman
Commentary
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Apple Suggests iMessage As SMS Bug Work-Around

Rather than fixing a security problem discovered last week, Apple tells users concerned with SMS spoofing to use its iMessage product instead of text messages.

Apple iPhone 5 Vs. Samsung Galaxy S III: What We Know
Apple iPhone 5 Vs. Samsung Galaxy S III: What We Know
(click image for larger view and for slideshow)
Apple's response to the security hole discovered in its iOS platform is pretty much worthless and misses the point entirely.

"Apple takes security very seriously," said Apple in a statement sent to Engadget over the weekend. "When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks. One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they're directed to an unknown website or address over SMS."

In other words, Apple suggests that users concerned with the security of their smartphone should trust iMessage instead of SMS. If only it were that easy.

iMessage is only available to Apple's iPhone, iPad, and Mac computers. It uses the Internet to send short messages between devices rather than the traditional pipes used to deliver text--or SMS--messages. It works really well for iOS and Apple device users, and is helpful because it syncs conversations across devices. I can start an iMessage conversation on my iPhone and continue it later from my desktop.

As Apple said above, iMessage users are verified against email addresses, Apple accounts, and also phone numbers that can be attributed to real people.

[ Apple doesn't talk about security very often. Read Apple Security Talk Suggests iOS Limits. ]

In the real world, though, most people buying new smartphones aren't choosing the iPhone and iMessage--they're picking Android smartphones. Further, there are still plenty of other smartphone options out there: Windows Phone, BlackBerry, Symbian, and so on. Hundreds of millions of people out there are sending text messages the old fashioned way because they don't have access to iMessage.

It's also worth pointing out that bad guys don't play by the rules. People who are serious about ripping off others probably won't be using accounts that can be tied to their real identity.

So what's an iPhone user to do in this case? As Apple (and the researcher pod2G who discovered the bug) says, don't click on links in SMS messages if you don't know with certainty who the sender is. Additionally, don't send personal information in response to SMS messages from financial or other institutions.

Android and Apple devices make backup a challenge for IT. Look to smart policy, cloud services, and MDM for answers. Also in the new, all-digital Mobile Device Backup issue of InformationWeek: Take advantage of advances that simplify the process of backing up virtual machines. (Free with registration.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
ANON1237925156805
50%
50%
ANON1237925156805,
User Rank: Apprentice
8/21/2012 | 10:37:33 PM
re: Apple Suggests iMessage As SMS Bug Work-Around
Yes, outrageous on the face of it. But come on, Apple always makes a defensive blowhard comment like that to deflect criticism while they work on a fix. It's amazing that they haven't figured out what a stupid strategy that is but for now I'll assume that they are true to form and will fix it the problem in due time.
sam-augur100
50%
50%
sam-augur100,
User Rank: Apprentice
8/21/2012 | 5:07:43 PM
re: Apple Suggests iMessage As SMS Bug Work-Around
I agree with all of you. And like Mack Knife said, it could just be a ploy to push an "i" based messaging system to make it popular in as little time as possible. Really Apple, if Steve J. was around, would this have gone by?
Unfortunately, a fix will come in the form of a new iOS upgrade/update and anyone using an iPhone 3 or lower may end up being forced to upgrade.
Then again, this could be another reason to force people to upgrade to a new iPhone from their old one.
pkohler01
50%
50%
pkohler01,
User Rank: Apprentice
8/21/2012 | 3:17:13 PM
re: Apple Suggests iMessage As SMS Bug Work-Around
It's somewhat disturbing that Apple responded this way. It reminds me of how Microsoft used to handle security bugs.
Andrew Hornback
50%
50%
Andrew Hornback,
User Rank: Apprentice
8/21/2012 | 12:44:03 AM
re: Apple Suggests iMessage As SMS Bug Work-Around
Wow... so, I wonder what AT&T, Verizon and Sprint say about Apple telling iPhone users not to text.

A vendor like Apple that can't get their stuff together enough to fix an issue, so they decide to take it out on their resellers? I DARE anyone else in the technology ecosystem to try pulling a stunt like that.

Oh, this is certainly too good to be true...

Andrew Hornback
InformationWeek Contributor
RudiX
50%
50%
RudiX,
User Rank: Apprentice
8/20/2012 | 4:14:16 PM
re: Apple Suggests iMessage As SMS Bug Work-Around
And when you want to text someone on a device other than Apple? What then?
Mack Knife
50%
50%
Mack Knife,
User Rank: Apprentice
8/20/2012 | 4:10:53 PM
re: Apple Suggests iMessage As SMS Bug Work-Around
This is laughable. Lets not fix the problem, lets tell all our dummy customers to use something else, something with an "i" in it.

Can you say lambs?
InformationWeek Elite 100
InformationWeek Elite 100
Our data shows these innovators using digital technology in two key areas: providing better products and cutting costs. Almost half of them expect to introduce a new IT-led product this year, and 46% are using technology to make business processes more efficient.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Government, May 2014
Protecting Critical Infrastructure: A New Approach NIST's cyber-security framework gives critical-infrastructure operators a new tool to assess readiness. But will operators put this voluntary framework to work?
Video
Slideshows
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.