Rather than fixing a security problem discovered last week, Apple tells users concerned with SMS spoofing to use its iMessage product instead of text messages.
Apple iPhone 5 Vs. Samsung Galaxy S III: What We Know
(click image for larger view and for slideshow)
Apple's response to the security hole discovered in its iOS platform is pretty much worthless and misses the point entirely.
"Apple takes security very seriously," said Apple in a statement sent to Engadget over the weekend. "When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks. One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they're directed to an unknown website or address over SMS."
In other words, Apple suggests that users concerned with the security of their smartphone should trust iMessage instead of SMS. If only it were that easy.
iMessage is only available to Apple's iPhone, iPad, and Mac computers. It uses the Internet to send short messages between devices rather than the traditional pipes used to deliver text--or SMS--messages. It works really well for iOS and Apple device users, and is helpful because it syncs conversations across devices. I can start an iMessage conversation on my iPhone and continue it later from my desktop.
As Apple said above, iMessage users are verified against email addresses, Apple accounts, and also phone numbers that can be attributed to real people.
In the real world, though, most people buying new smartphones aren't choosing the iPhone and iMessage--they're picking Android smartphones. Further, there are still plenty of other smartphone options out there: Windows Phone, BlackBerry, Symbian, and so on. Hundreds of millions of people out there are sending text messages the old fashioned way because they don't have access to iMessage.
It's also worth pointing out that bad guys don't play by the rules. People who are serious about ripping off others probably won't be using accounts that can be tied to their real identity.
So what's an iPhone user to do in this case? As Apple (and the researcher pod2G who discovered the bug) says, don't click on links in SMS messages if you don't know with certainty who the sender is. Additionally, don't send personal information in response to SMS messages from financial or other institutions.
Android and Apple devices make backup a challenge for IT. Look to smart policy, cloud services, and MDM for answers. Also in the new, all-digital Mobile Device Backup issue of InformationWeek: Take advantage of advances that simplify the process of backing up virtual machines. (Free with registration.)
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
2017 State of IT ReportIn today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.