Apple Suggests iMessage As SMS Bug Work-Around
By Eric Zeman
InformationWeek
"Apple takes security very seriously," said Apple in a statement sent to Engadget over the weekend. "When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks. One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they're directed to an unknown website or address over SMS."
In other words, Apple suggests that users concerned with the security of their smartphone should trust iMessage instead of SMS. If only it were that easy.
iMessage is only available to Apple's iPhone, iPad, and Mac computers. It uses the Internet to send short messages between devices rather than the traditional pipes used to deliver text--or SMS--messages. It works really well for iOS and Apple device users, and is helpful because it syncs conversations across devices. I can start an iMessage conversation on my iPhone and continue it later from my desktop.
As Apple said above, iMessage users are verified against email addresses, Apple accounts, and also phone numbers that can be attributed to real people.
[ Apple doesn't talk about security very often. Read Apple Security Talk Suggests iOS Limits. ]
In the real world, though, most people buying new smartphones aren't choosing the iPhone and iMessage--they're picking Android smartphones. Further, there are still plenty of other smartphone options out there: Windows Phone, BlackBerry, Symbian, and so on. Hundreds of millions of people out there are sending text messages the old fashioned way because they don't have access to iMessage.
It's also worth pointing out that bad guys don't play by the rules. People who are serious about ripping off others probably won't be using accounts that can be tied to their real identity.
So what's an iPhone user to do in this case? As Apple (and the researcher pod2G who discovered the bug) says, don't click on links in SMS messages if you don't know with certainty who the sender is. Additionally, don't send personal information in response to SMS messages from financial or other institutions.
Android and Apple devices make backup a challenge for IT. Look to smart policy, cloud services, and MDM for answers. Also in the new, all-digital Mobile Device Backup issue of InformationWeek: Take advantage of advances that simplify the process of backing up virtual machines. (Free with registration.)
Federal agencies must eliminate 800 data centers over the next five years. Find how they plan to do it in the new all-digital issue of InformationWeek Government. Download it now (registration required).

| To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy. |
InformationWeek Reports
Mobility's Next Challenge: 8 Steps to a Secure Environment
Taking your company's mobile capabilities to the next level--whether on personally or company-owned devices-requires a lifecycle management plan that encompasses application security, development, distribution, support and enhancement. We show you how to get there and provide insight into five mobile application development options.
Buyer's Guide: Mobile Device Management
Want the lowdown on nine top MDM products? Our InformationWeek Buyer's Guide is your one-stop guide for choosing an MDM system that match your requirements. ZIP file includes: Detailed comparison charts on security, administration, and platform and reporting features; our full questionnaire; and responses from Absolute Software, AirWatch, Fiberlink Communications, JAMF Software, MobileIron, Odyssey Software, Symantec, Tangoe, and Zenprise.
Dark Side of Mobile Apps
Companies are rushing headlong to develop applications for Android, Apple and BlackBerry devices. But IT must maintain its secure development lifecycle process or risk a black eye.
Reducing Mobile Device Risks to Enterprise Data
Innovative IT shops are turning the mobile device management challenge into a business opportunity--and showing that we can help people be more connected and collaborative, regardless of location. We offer a framework of four possible strategies to secure the mobile environment.



Subscribe to RSS