Apple takes security very seriously. When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks. One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they’re directed to an unknown website or address over SMS.
Interesting statement from Apple that seems to throw the blame for the SMS vulnerability over to the SMS protocol. That actually might be the case, but Pod2G’s assessment is that Apple could fix it in an upcoming release.
iMessage, though it sometimes goes down for days at a time, is a good means of communicating with your Apple-using buddies. However, with Apple not even at a quarter of total phone penetration, SMS is unfortunately something that still needs to be used.
Other ways to avoid the built-in SMS app vulnerabilities are to use third-party SMS applications like Google Voice.
Pod2G’s assessment of the issue below:
I mentioned it on Twitter a few days ago, I found a flaw in iOS that I consider to be severe, while it does not involve code execution. I am pretty confident that other security researchers already know about this hole, and I fear some pirates as well. The flaw has existed since the beginning of the implementation of SMS in the iPhone, and is still there in iOS 6 beta 4. Apple: please fix before the final release.