iOS Messaging Security Flaw Allows Hacker to Impersonate User

January 10, 2012

Nemertes Impact Analysis:

With iOS 5, Apple (NASDAQ:AAPL) released iMessage, allowing folks to circumvent SMS (Simple Messaging System) used by carriers. But a security flaw in this feature can cause serious problems if users lose their devices and require remote wipes. iMessage is completely transparent to the user – if both devices in a conversation are running iOS 5, they will communicate by default via iMessage, the benefit being cost reduction versus SMS, particularly internationally. The problem is that when people remote wipe their devices, they find thieves are still able to both send and receive texts using iMessage. In essence, unscrupulous or malicious people can continue to monitor iMessage conversations and, even worse, impersonate the owner. This constitutes a serious security risk, the worst so far for the iOS ecosystem.

iDevices continue to gain significant traction within the enterprise, with 67.4% and 52.9% of companies explicitly supporting iPhones and iPads, respectively.

Impacts:

Enterprises: Apple will likely hotfix this quickly, but in the interim employees should disable iMessaging as a precaution – devices will default back to SMS.

Vendors: With iOS’ continual growth in enterprise, security is equally critical. Monitor for flaws and augment the security of iOS’ management module with solutions.

Investors: With Apple’s first major iOS flaw, particularly from an enterprise perspective, being such a big one, companies may revisit Android, which has had its share of similarly marring issues.
