Now one of the big areas of concern is with the originating number and the “reply-to” number. This is very similar to what happens in email. While an email address might be "
The same can be said for SMS clients. If they only show the reply-to address, you are at a disadvantage when you are sending SMS messages. On most Android phones the messaging client shows both the reply-to and the originating number, as do most Windows Phones. Again, this is like showing both the reply-to and the original email address. It is a good thing and helps to prevent you from replying to the wrong number. As we mentioned, this covers most, but not all, phones running the Android OS. However, on Android you can grab any of a number of SMS apps that offer this as part of their security features (we like to use Handcent SMS, but there are many more out there). The same is true of the iPhone: there are a handful of good apps that will give you these extras, but in many cases you have to set up a new phone number for your device through the app. This limits their usefulness for many users; who wants to deal with a different phone number for texts?
This means that for a large portion of the iPhone-owning population this flaw still exists in the same form as it did when the iPhone was launched 5 years ago. It seems an odd flaw to leave open considering that SMS and MMS text messages are one of the primary means of communication for many people. The numbers will prove that with any carrier. How many of you make a single phone call in a day but send a large number of texts? I know that I do just about every day. Apple should have addressed this flaw a long time ago, in the same way that carriers need to take responsibility for verifying the UDH (User Data Header) on SMS traffic traveling over their network. If they did this, it would cut down on a fairly large security threat. It would be pretty easy to do without reading the message, in the same way that setting up a reverse DNS check (resolving the originating IP of a mail server to the claimed domain name) helps to prevent spam.
According to Pod2G, the researcher who found this flaw five years ago, it is of great concern and Apple should fix it before the release of iOS 6. His reasons?
“Why is it an issue ?
pirates could send a message that seems to come from the bank of the receiver asking for some private information, or inviting them to go to a dedicated website. [Phishing]
one could send a spoofed message to your device and use it as a false evidence.
anything you can imagine that could be utilized to manipulate people, letting them trust somebody or some organization texted them.
Now you are alerted. Never trust any SMS you received on your iPhone at first sight.”
On top of all of this, with the increase in malware for mobile devices, it is simply the smart thing to do in order to protect your customers. We would expect Apple, Microsoft and Google to all ensure that the SMS text messages sent and received are valid, and that they can quickly show the user the ones that are not. Doing this simply shows responsibility and concern for your customers.