iPhone users, beware: a recently discovered flaw in iOS makes it possible for anyone to fake the number you’re receiving an SMS message from. This means that an SMS message might seem to come from a trusted source like your friends, family, or even your bank, when in fact it is coming from some unknown source.
The flaw, discovered by pod2g, is said to have been around since the first iteration of iOS on iPhone, and is also present in the latest version of iOS 6, Beta 4. While the problem actually lies with SMS protocols in general, the iPhone’s interface makes it harder to ensure who the SMS is really coming from, and makes it easier to fake the reply-to number. So when you hit reply, you might actually be replying to a different person than the one you think.
According to Engadget, Apple has responded to the issue with the following statement:
Apple takes security very seriously. When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks. One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they’re directed to an unknown website or address over SMS.
Basically, Apple recommends that you use iMessage whenever possible, and blames the flaw on the limitations of SMS in general.
iPhone or no iPhone, you should be aware of the possibility of fake SMS messages, and be extra careful when providing private or sensitive information via text message. You can’t always tell for sure who actually sent that message.
Have you ever received a fake text message on your iPhone?
Source: pod2g’s blog