In fairness, the iPhone is not the only handset vulnerable to SMS spoofing. Plenty of Websites offer SMS spoofing as a service, one that isn't limited to Apple's handsets. The main issues seem to be that some phones, including the iPhone, are compatible with the UDH indicator that allows for alternative reply-to addresses, and that the iPhone in particular doesn't show the original address. It's not clear how many other phones on the market only show the reply-to number, and not the original.

Also worth noting: This flaw can only trick people into thinking a message comes from a trusted source. Any replies to that message would go to the contact who's being spoofed, so there's no danger of giving up sensitive information to a malicious source solely via text message.

In a blog post, pod2g says he will soon publicize a tool for the iPhone 4 that sends messages in raw PDU format, which will demonstrate the vulnerability. In the meantime--and as always--avoid following Web links from text messages that ask for logins, banking details or other sensitive information.

Follow Jared on , or for even more tech news and commentary.