A few days ago I told you that Pod2G discovered a new vulnerability in the iOS SMS/MMS system. The vulnerability discovered by the hacker is very old and allows anyone to send SMS/MMS with fake numbers to users. After the publication of this information, Apple was criticized for not solving such an important security problem and today the company gave a press statement to Engadget, a statement by which it tries to make it clear that a solution to the problem may not be ever appear.
Apple takes security very seriously. When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks. One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they're directed to an unknown website or address over SMS.
Through this statement, Apple recommends users to replace the SMS service with the iMessage included in iOS, presenting it as a much safer service. Of course, Apple is right, but their message could not be different because the whole problem of SMS/MMS spoofing does not only concern mobile phone manufacturers, but also operators. Apple basically tells us that iMessage is the future and SMS remains an option for people who don't have iDevices.
