Rather than fixing a security problem discovered last week, Apple tells users concerned with SMS spoofing to use its iMessage product instead of text messages.
Apple iPhone 5 Vs. Samsung Galaxy S III: What We Know
(click image for larger view and for slideshow)
Apple's response to the security hole discovered in its iOS platform is pretty much worthless and misses the point entirely.
"Apple takes security very seriously," said Apple in a statement sent to Engadget over the weekend. "When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks. One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they're directed to an unknown website or address over SMS."
In other words, Apple suggests that users concerned with the security of their smartphone should trust iMessage instead of SMS. If only it were that easy.
iMessage is only available to Apple's iPhone, iPad, and Mac computers. It uses the Internet to send short messages between devices rather than the traditional pipes used to deliver text--or SMS--messages. It works really well for iOS and Apple device users, and is helpful because it syncs conversations across devices. I can start an iMessage conversation on my iPhone and continue it later from my desktop.
As Apple said above, iMessage users are verified against email addresses, Apple accounts, and also phone numbers that can be attributed to real people.
In the real world, though, most people buying new smartphones aren't choosing the iPhone and iMessage--they're picking Android smartphones. Further, there are still plenty of other smartphone options out there: Windows Phone, BlackBerry, Symbian, and so on. Hundreds of millions of people out there are sending text messages the old fashioned way because they don't have access to iMessage.
It's also worth pointing out that bad guys don't play by the rules. People who are serious about ripping off others probably won't be using accounts that can be tied to their real identity.
So what's an iPhone user to do in this case? As Apple (and the researcher pod2G who discovered the bug) says, don't click on links in SMS messages if you don't know with certainty who the sender is. Additionally, don't send personal information in response to SMS messages from financial or other institutions.
Android and Apple devices make backup a challenge for IT. Look to smart policy, cloud services, and MDM for answers. Also in the new, all-digital Mobile Device Backup issue of InformationWeek: Take advantage of advances that simplify the process of backing up virtual machines. (Free with registration.)
InformationWeek Elite 100Our data shows these innovators using digital technology in two key areas: providing better products and cutting costs. Almost half of them expect to introduce a new IT-led product this year, and 46% are using technology to make business processes more efficient.
The UC Infrastructure TrapWorries about subpar networks tanking unified communications programs could be valid: Thirty-one percent of respondents have rolled capabilities out to less than 10% of users vs. 21% delivering UC to 76% or more. Is low uptake a result of strained infrastructures delivering poor performance?
Top IT Trends to Watch in Financial ServicesIT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Join us for a roundup of the top stories on InformationWeek.com for the week of September 18, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."