
SMS sender spoofing possible on iOS, what you need to know

Aug 17th 2012 11:30 AM EDT


There's a big security story blowing through the leaves today, and it affects your iPhone. Uncovered by iPhone hacker Pod2G, the issue involves SMS spoofing and shows up in every version of iOS for the iPhone -- and it's in the current beta of iOS 6.

What is this security problem? Some details follow, and Pod2G shares additional detail in his post as well. Essentially, someone could send you a text that appears to be from a trusted source, when in fact your response will be routed to someone else's device. If you thought a text came from your bank, for instance, you could be tricked into handing over sensitive data.

While it's not something particularly simple to do (you'll need to set up an SMS gateway), I will say the consequences of spoofing SMS can be dire, as courts have used SMS messages as evidence. Harassment by messaging is a real crime, and messaging can be a violation of restraining orders. So aside from the social engineering risk (someone pretending to be an authority to get your password), the legal consequences could be very real as well.

I spoke with security expert Seth Bromberger, a principal at NCI Security. He noted that while Apple can fix this on their end, the inherent issues with SMS authentication are beyond their scope to fix permanently.

Nevertheless, here are some steps Apple, the industry at large and law enforcement could take, according to Bromberger:

  1. Apple should display the originating number, not trust what the sender has said was the originating number (or at least alert if reply-to != original).
  2. The carriers should ensure that "forging" (I'm using this word but it's not really forgery -- all the person is doing is setting a reply-to that differs from the originating number, apparently in full conformance with