BlackBerry Breaking News

Myths Regarding Recent iPhone SMS Vulnerability Dispelled

Mobile network operators not to blame for iPhone SMS vulnerability; AdaptiveMobile reveal handset as source of problem

London, 23 August, 2012 - AdaptiveMobile, the world leader in mobile security, today dispels some of the myths regarding the recent iPhone SMS vulnerability which could allow scammers to 'spoof' the sender of a text message, allowing them to pose as a known friend or contact. Whilst mobile operators have recently come under fire for this exploit, AdaptiveMobile argues that the source of the problem is the handset, not the network.

"Device manufacturers, like all members of the mobile ecosystem, should aim to take security seriously and ensure their devices comply with a wide range of standards and technical recommendations," says Cathal McDaid, Security Consultant, AdaptiveMobile. "For SMS to remain a trusted, clean channel, companies need to be vigilant that their products both properly conform to standards and don't inadvertently expose flaws that can compromise their customers."

The exploit, first revealed by a researcher on the pod2g blog, misuses an optional 'Reply Address' field in the upper layers of the SMS protocol. When the field is misused, the iPhone SMS client displays that address or phone number as the sender instead of the actual originating address. This could be used to make text messages appear to come from someone familiar when they actually originate from a hacker or other external party.

"We know conclusively that this is not a network problem because the 3GPP specification - which outlines how modern mobile phones and networks operate today - discusses the security implications of this field in all phones and gives recommendations on how to avoid malicious use of this," continues McDaid. "We have tested this issue on Android, Windows Mobile, BlackBerry and Symbian phones and most of them simply ignore the 'reply address' field or display both the 'real' originating address and the reply address as per the specification recommendations. The iPhone, so far, is the only device which does not comply with these security recommendations."

Apple has responded to these claims, acknowledging the weakness, but without any stated intention of remedying the situation.

"Historically, the 'reply-address' field was introduced to allow users to reply to texts which were 'broadcast' from information agencies or marketing firms, for example. These broadcast systems may not be capable of receiving messages, so this system allows for more interaction," continues McDaid. "However, whilst most handsets now ignore this quirk, with the remainder treating the field correctly, Apple has left a significant vulnerability in its handsets which could allow consumers to be fooled and hand over personal details to hackers and criminals. This reinforces the importance of handset manufacturers, operators and security providers collaborating and helping to keep SMS as a secure, reliable and trusted channel."


About AdaptiveMobile:
AdaptiveMobile is the world leader in mobile security, enabling trusted networks for the world's largest operator groups and protecting one in six subscribers globally. AdaptiveMobile provides Operators with the most comprehensive network-based security solutions enabling them to protect their consumer and enterprise customers against the growing threat of mobile abuse.

Press contacts:
Rocket Communications (UK)
Ella Thompson / Sally Brown
+44 8453 707 024

Anne Coyle
+1 857 222 6363

More Stories By RealWire News Distribution

RealWire is a global news release distribution service specialising in the online media. The RealWire approach focuses on delivering relevant content to the receivers of our clients' news releases, as we know that it is only through delivering relevance that influence can ever be achieved.