HOUSTON—A hacker says he’s figured out a way to trick the Apple iPhone into believing received text messages are coming from someone else.
This means SMS text messages that appear to be from a loved one or your bank, may just be from someone who is out to steal your information.
It was just last week on KHOU 11 News we told you about “smishing,” which is something similar to phishing. It’s when someone texts you, asking for personal information, all while pretending to be an authority figure.
Hackers say even the latest iPhone software has a loophole they can use to spoof or pretend to be someone else.
These faked messages can appear to come from your bank, the IRS, etc. so they can then ask you personal questions. People who are unaware, might just respond with personal information.
The hacker who publicized this on the Internet last week goes by the name Pod2G.
When asked about the loophole by Engadget.com, Apple responded with this:
“Apple takes security very seriously. When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks. One of the limitations of SMS is that it allows messages to be sent with spoofed addresses...”
That’s Apple’s way of saying they know about the problem but can’t or won’t fix it. In addition, while the iPhone is especially vulnerable to this kind of attack, it is possible to spoof numbers on other phones as well.
As far asApple’s iMessage solution, it is a good one, but it will only work if you are texting someone who also has an iPhone with iMessage enabled. You can access this option in your Settings icon under “Messages.”
Lastly, remember you will never receive a text message from any authority or entity asking for your personal info. If you get a message like that, don’t respond but do report it to your phone carrier. Also, make sure your loved ones (especially the elderly) are aware of this security issue so they don’t become a victim.