Apple responds to iOS SMS flaw, suggests using iMessage instead
21 replies, posted
[QUOTE]iMessage, the Apple messaging technology that the company has urged customers use to avoid an SMS spoofing bug, remains under a patent litigation cloud, with a trial slated for November.
Last week, a researcher known for uncovering iPhone "jailbreak" exploits claimed that a flaw in iOS could be leveraged to send SMS (short message service) messages that appear to come from a trusted number.
In a statement quoted by several websites, including Engadget, Apple said that SMS -- or text messaging -- inherently "allows messages to be sent with spoofed addresses to any phone."
Instead, Apple suggested that users rely on iMessage, the company's proprietary technology that encrypts all traffic, and is embedded in the Message apps for iOS 5 and OS X Mountain Lion. "When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks," Apple said.
But iMessage and other Apple technologies are under fire in a patent infringement lawsuit filed two years ago by VirnetX, a holding company that claims a portfolio of nearly four dozen patents, many of them awarded to a team of engineers who once worked at SAIC, or Science Application International Corp., a firm that regularly contracts with the Department of Defense.
VirnetX is probably best known for suing, then striking a $200 million settlement with Microsoft in May 2010 over allegations that Windows infringed on VirnetX's virtual private networking (VPN) patents.
Although VirnetX never mentioned iMessage by name in its lawsuit against Apple -- it did refer to FaceTime, Apple's video chat application -- some believe that the text messaging substitute is also affected by the five-patent case.
J.P. Moreno, a private investor who goes by the nickname "floydrocks" on discussion forums, and is the author of a 90-page paper ( download PDF) on the patent infringement case, is convinced that the lawsuit also targets iMessage.
"When that email address is used with certificates for authentication with secure DNS servers, and also for secure communications between devices ... these concepts/work flows are based on VirnetX inventions," argued Moreno, referring to how iMessage operates. "Secure domain names, secure DNS servers, automatic encryption. This is all VirnetX."
In its response to VirnetX's lawsuit, Apple has denied that FaceTime infringes the former's patents. It has made no mention of iMessage or other technologies, instead saying multiple times in its answers that, "It is not clear what is referenced by" VirnetX's claims.
The same VirnetX lawsuit also alleged that Aastra, Cisco and NEC violated the firm's patents. Aastra settled with VirnetX in May 2012, and NEC followed on Aug. 3. Both settlements involved a one-time payment to VirnetX and ongoing licensing royalties.
According to federal court documents, the jury trial involving is to start Nov. 13.
Another investor said that Apple would be smart to acquire VirnetX as a way out.
John Ford, who contributes to the SeekingAlpha investment website, made the case. "After consulting with technical experts, I've come to the conclusion that Apple is either going to have to buy VirnetX or else pay huge settlement and royalty fees," said Ford in a May 2012 post.
Ford's argument rested on the fact that Apple might recoup its investment by collecting the licensing fees that will likely result from in-progress lawsuits, and from possible future filings against the likes of Google.
Ford also brought up VirnetX's $200 million payday two years ago.
"No defendant will want to go to trial. The defendants are keenly aware that in the Microsoft trial, VirnetX convinced a jury to rule against Microsoft," Ford said.
Read more: [url]http://www.pcadvisor.co.uk/news/tech-industry/3376939/apple-pushes-imessage-after-sms-spoof-revealed-but-tech-under-patent-cloud/#ixzz248qQHOA4[/url]
[/QUOTE]
This should be a higher priority fix, especially since media outlets are giving it attention
[editline]20th August 2012[/editline]
also "you're sending it wrong"
Typical Apple
breaking news, recent update has bugs and apple are involved in a long, worthless court battle
hard hitting journalism
I'm going to point out that iMessage only works on apple shit
So if you want to talk to someone who doesn't have an iPhone you are insecure forever
[QUOTE=meppers;37335375]I'm going to point out that iMessage only works on apple shit
So if you want to talk to someone who doesn't have an iPhone you are insecure forever[/QUOTE]
that'll give them an excuse to push to make the iPhone the only phone sold in the US
oh wait
Or you could just use facebook to message them seeing as just about everyone uses facebook..
As one of the more Apple-supportive users on this forum, I'm pretty sure Apple's "opinion" on SMS is a load of shit.
[QUOTE=Protocol7;37336197]As one of the more Apple-supportive users on this forum, I'm pretty sure Apple's "opinion" on SMS is a load of shit.[/QUOTE]
That the SMS information can be spoofed? Because that's true (the original post about the flaw makes that pretty explicit). The issue is that the iPhone shows the "reply" number specified in the SMS and not the sender number (which itself can also be spoofed), the original post suggests showing both numbers in the UI (And even then, both can be wrong, etc.)
Apparently Google and Skype both spoof SMS messages to appear to come from a different sender (in Skype's case, the number linked to the sending Skype account vs. the sending server, etc.).
It's a bug in sms not really Apple's fault. I have my android device on me right now - it allows spoofed numbers in sms too.
To be honest, for me, Gtalk replaced 80% of SMS, too.
SMS are sadly still necessary but outdated standards.
[QUOTE=fruxodaily;37336166]Or you could just use facebook to message them seeing as just about everyone uses facebook..[/QUOTE]
Maybe almost everyone uses Facebook, but not everyone has a smartphone with a Facebook app on. So if they aren't on their computer they can't see your message.
"Stop sending it that way"
Apple's explanation is kind of bullshit, but VirnetX's "patents" are even more bullshit. Of course, nobody read the article, but from what I can tell they are arguing that using a secure DNS and encrypting data is patented by them. So basically, if you're communicating securely, they demand royalties.
Bullshit. I've used secure DNS to authenticate users on the simplest of programs and encrypt data therein (which is what they are bitching about), so technically I need to pay royalties to these assholes for using public-domain encryption methods? Fuck off.
Does MMS allow for number spoofing?
Bug in sms? try holding the phone like this instead
Our 600 dollar phone is not working?
YOU BETTER USE PIGEON MAIL INSTEAD
patent for imessage
this is ridiculous
[QUOTE=lavacano;37360780]Does MMS allow for number spoofing?[/QUOTE]
I'm pretty sure it does too.
My SMS is insecure about its identity :(
[QUOTE=Kljunas;37338376]Maybe almost everyone uses Facebook, but not everyone has a smartphone with a Facebook app on. So if they aren't on their computer they can't see your message.[/QUOTE] All my friends have a facebook app on their phone including messenger, but I still rely on SMS since sometimes facebook can spaz out on people and it causes for late responses, I haven't had problems with sms
[QUOTE=fruxodaily;37366703]All my friends have a facebook app on their phone including messenger, but I still rely on SMS since sometimes facebook can spaz out on people and it causes for late responses, I haven't had problems with sms[/QUOTE]
I stick with the mobile website, the permissions on the app are horrifying
[QUOTE=Elspin;37366796]I stick with the mobile website, the permissions on the app are horrifying[/QUOTE]
The app for Android is pretty bad anyway and the mobile site is just as functional.
Sorry, you need to Log In to post a reply to this thread.