A security flaw that renders iPhone SMS services vulnerable to attack is not present across rival Android, BlackBerry, Windows Phone and Symbian devices, according to new data from mobile security firm AdaptiveMobile.

Late last week, a French hacker calling himself "pod2g" identified an iOS loophole enabling scammers to spoof their identities and transmit malicious text messages that appear to originate from banks or other trusted sources. The hacker said the spoofing flaw is a byproduct of the process that converts text messages to the Protocol Description Unit mode for delivery, noting the glitch impacts all versions of Apple's iOS "since the beginning of the implementation of SMS in the iPhone" and is also present in the current iOS 6 beta 4.

AdaptiveMobile said the problem lies with the iPhone, not operator networks. "We know conclusively that this is not a network problem because the 3GPP specification--which outlines how modern mobile phones and networks operate today--discusses the security implications of this field in all phones and give recommendations on how to avoid malicious use of this," said AdaptiveMobile security consultant Cathal McDaid. "We have tested this issue on Android, Windows, BlackBerry and Symbian phones and most of them simply ignore the 'reply address' field or display both the 'real' originating address and the reply address as per the specification recommendations. The iPhone, so far, is the only device which does not comply with these security recommendations."

McDaid adds that the 'reply access' field was introduced to enable subscribers to reply to test blasts originating from news agencies or marketing firms: "These broadcast systems may not be capable of receiving messages, so this system allows for more interaction. However, while most handsets now ignore this quirk, with the remainder treating the field correctly, Apple has left a significant vulnerability in its handsets which could allow consumers to be fooled and hand over personal details to hackers and criminals. This reinforces the importance of handset manufacturers, operators and security providers collaborating and helping to keep SMS as a secure, reliable and trusted channel."

Apple has yet to disclose what steps it plans to patch the security loophole, if any, and suggests that its over-the-top iMessage solution presents a safer alternative to conventional SMS. "Apple takes security very seriously," the company said in its sole public response to the matter. "When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks. One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they're directed to an unknown Web site or address over SMS."

Apple introduced iMessage in October 2011, concurrent with the launch of its iOS 5 operating system update. The service enables users to send free text messages, photos and videos among all iOS devices. Despite the introduction of over-the-top services like iMessage, Facebook, Skype and Twitter, 91 percent of U.S. smartphone owners still actively use SMS, according to a survey conducted this spring by Vanson Bourne on behalf of mobile messaging firm Acision.