08/24/2012

Spoof Apple!

Beware the SMS.

Apple security researcher pod2g discovered a flaw in the iPhone messaging system last week.

Apparently the iPhone is vulnerable to an attack recently labeled “spoofing”.

Basically, someone can send a message to your iPhone but program it so it looks like it came from your mom, brother, girlfriend, boss, great aunt, friend from high school, etc., so when you respond, it actually goes back to the spoofer instead of to your mom.

When I first heard about this, I did not immediately think of the dangers. My first thought was, “Well that sure would be awkward if you sent that private joke between you and your best friend to your dad.”

After doing some research, though, I realized that the intent of the master spoofer is not to make things awkward, but to steal your soul.

The spoofer can pose as, let’s say, your mom asking for your social security number for a health insurance form. Instead of thinking, “Hmm, why does mom need my social security number? She’s a mom. She knows everything,” you foolishly respond with your secret numbers and BAM! You have no more identity.

With most phones, you can finagle your way to see both the reply-to number and the original source number, Pod2g wrote in a recent blog post. On iPhones, however, you can only see the reply-to number, so you can’t track the original sender.

Just remember, folks, don’t give out private information over a text. It’s just like those emails from “your bank” that ask for your password and security question answers.

If you get a suspicious text from someone, give him or her a call to make sure they are really the person texting you, or wait until you can talk to them face to face.

Like Pod2g said, “Never trust any SMS you received on your iPhone at first sight.”