Apple Pitches Security of iMessage in Response to SMS Spoofing Issue - MacRumors
Skip to Content

Apple Pitches Security of iMessage in Response to SMS Spoofing Issue

by

Late last week, jailbreak hacker pod2g disclosed an issue with the way Apple's iOS handles optional headers in SMS messages, a vulnerability that could allow users to be targeted by SMS spoofing that makes messages appear to originate from people other than the actual senders. While SMS spoofing is certainly not new and can be performed through various services, this specific issue in the handling of reply-to addresses could be addressed fairly easily by Apple.

Engadget reported over the weekend that it had obtained a statement from Apple on the issue, with Apple simply touting its iMessage service as a more secure alternative to SMS.

Apple takes security very seriously. When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks. One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they're directed to an unknown website or address over SMS.

imessage ipad mac iphone
iMessage is of course an Apple-specific messaging service, and is thus only compatible with iOS devices running iOS 5 or later and Macs running OS X Mountain Lion. Consequently, it is generally not possible for users to entirely replace their SMS usage with iMessage. Apple has also not committed to making any changes in how it handles reply-to addresses for SMS, so it is unknown whether they will be directly addressing the issue.

Popular Stories

Dynamic Island iPhone 18 Pro Feature

11 Reasons to Wait for the iPhone 18 Pro

Monday May 11, 2026 9:01 am PDT by
We're only four months out from the launch of Apple's premium next-generation smartphone lineup, and while we're not expecting a sea change in terms of functionality, there are still several enhancements rumored to be coming to the iPhone 18 Pro and iPhone 18 Pro Max. One thing worth noting is that Apple is reportedly planning a major change to its iPhone release cycle this year, adopting a...
Read Full Article36 comments
iOS 26

iOS 26.5 Features: Everything New in iOS 26.5

Monday May 11, 2026 5:09 pm PDT by
Apple released iOS 26.5 after a few months of beta testing, and while it doesn't have the Siri features we were hoping for since those are being held until iOS 27, there are a handful of useful changes worth knowing about. Subscribe to the MacRumors YouTube channel for more videos. End-to-End Encryption for RCS Support for end-to-end encryption (E2EE) for RCS messages between iPhone and...
Read Full Article65 comments
General Apps Reddit Feature

Reddit Starts Blocking Mobile Website, Pushing Users to App Instead

Monday May 11, 2026 6:10 am PDT by
Social network Reddit recently began blocking mobile visitors to its website while pushing them to download the official Reddit app, and it's fair to say that the move is not going down well with users. If you visit reddit.com on your iPhone today, you may see a new popup that can't be dismissed, asking you to "get the app to keep using Reddit." A Reddit spokesperson told Ars Technica...
Read Full Article125 comments

Top Rated Comments

Agent OrangeZ Avatar
Agent OrangeZ
179 months ago
Translation:

Don't use SMS! Use iMessage and you can be sure it's secure! If you're friends don't have iPhones, tell them to get one!
Score: 31 Votes (Like | Disagree)
J
joedemax
179 months ago
So they want to pitch there own service rather than fix the problem? ugh.
Score: 23 Votes (Like | Disagree)
Roessnakhan Avatar
Roessnakhan
179 months ago
What a BS response.
Score: 19 Votes (Like | Disagree)
zorinlynx Avatar
zorinlynx
179 months ago
Most of my friends use Android phones (and we do playfully bicker about what's better sometimes, it's what friends do) so I can't iMessage with them.

Spouting a proprietary service as a solution instead of fixing the problem is just plain stupid and embarrassing, Apple. Fix your ****.
Score: 15 Votes (Like | Disagree)
bacaramac Avatar
bacaramac
179 months ago
Love my iMessage and Facetime, but wish it was open source so I could use it with family and friends on Android.
Score: 11 Votes (Like | Disagree)
kdarling Avatar
kdarling
179 months ago
So Apple should fix the SMS flaw for the carriers?

It's not a flaw in SMS. Apple needs to enhance their app.

The problem is not that there is an optional SMS header that gives a different reply-to number, it's that Apple reportedly displays only that number and doesn't display the originator number as well.

In other words, an evil site could send you an SMS with a reply-to number that matches someone or place known to you. Since the iPhone only displays that instead of the evil originator, you might be inclined to trust any link or other info... because you (falsely) believe the origin was friendly.
Score: 10 Votes (Like | Disagree)
Read All Comments