Apple Pushes iMessage to Avoid SMS Spoof
Last week, a researcher known for uncovering iPhone "jailbreak" exploits claimed that a flaw in iOS could be leveraged to send SMS (short message service) messages that appear to come from a trusted number.
In a statement quoted by several websites, including Engadget, Apple said that SMS -- or text messaging -- inherently "allows messages to be sent with spoofed addresses to any phone."
Instead, Apple suggested that users rely on iMessage, the company's proprietary technology that encrypts all traffic, and is embedded in the Message apps for iOS 5 and OS X Mountain Lion. "When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks," Apple said.
But iMessage and other Apple technologies are under fire in a patent infringement lawsuit filed two years ago by VirnetX, a holding company that claims a portfolio of nearly four dozen patents, many of them awarded to a team of engineers who once worked at SAIC, or Science Application International Corp., a firm that regularly contracts with the Department of Defense.
VirnetX is probably best known for suing, then striking a $200 million settlement with Microsoft in May 2010 over allegations that Windows infringed on VirnetX's virtual private networking (VPN) patents.
Although VirnetX never mentioned iMessage by name in its lawsuit against Apple -- it did refer to FaceTime, Apple's video chat application -- some believe that the text messaging substitute is also affected by the five-patent case.
J.P. Moreno, a private investor who goes by the nickname "floydrocks" on discussion forums, and is the author of a 90-page paper ( download PDF) on the patent infringement case, is convinced that the lawsuit also targets iMessage.
"When that e-mail address is used with certificates for authentication with secure DNS servers, and also for secure communications between devices ... these concepts/work flows are based on VirnetX inventions," argued Moreno, referring to how iMessage operates. "Secure domain names, secure DNS servers, automatic encryption. This is all VirnetX."
In its response to VirnetX's lawsuit, Apple has denied that FaceTime infringes the former's patents. It has made no mention of iMessage or other technologies, instead saying multiple times in its answers that, "It is not clear what is referenced by" VirnetX's claims.
The same VirnetX lawsuit also alleged that Aastra, Cisco and NEC violated the firm's patents. Aastra settled with VirnetX in May 2012, and NEC followed on August 3. Both settlements involved a one-time payment to VirnetX and ongoing licensing royalties.
According to federal court documents, the jury trial involving is to start November 13.
Buy Its Way Out?
Another investor said that Apple would be smart to acquire VirnetX as a way out.
John Ford, who contributes to the SeekingAlpha investment website, made the case. "After consulting with technical experts, I've come to the conclusion that Apple is either going to have to buy VirnetX or else pay huge settlement and royalty fees," said Ford in a May 2012 post.
Ford's argument rested on the fact that Apple might recoup its investment by collecting the licensing fees that will likely result from in-progress lawsuits, and from possible future filings against the likes of Google.
Ford also brought up VirnetX's $200 million payday two years ago.
"No defendant will want to go to trial. The defendants are keenly aware that in the Microsoft trial, VirnetX convinced a jury to rule against Microsoft," Ford said.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is firstname.lastname@example.org.
Read more about legal in Computerworld's Legal Topic Center.