iMessage, the Apple messaging technology that the company has urged customers use to avoid an SMS spoofing bug, remains under a patent litigation cloud, with a trial slated for November.
Last week, a researcher known for uncovering iPhone "jailbreak" exploits claimed that a flaw in iOS could be leveraged to send SMS (short message service) messages that appear to come from a trusted number.
In a statement quoted by several websites, including Engadget, Apple said that SMS -- or text messaging -- inherently "allows messages to be sent with spoofed addresses to any phone."
Instead, Apple suggested that users rely on iMessage, the company's proprietary technology that encrypts all traffic, and is embedded in the Message apps for iOS 5 and OS X Mountain Lion. "When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks," Apple said.
But iMessage and other Apple technologies are under fire in a patent infringement lawsuit filed two years ago by VirnetX, a holding company that claims a portfolio of nearly four dozen patents, many of them awarded to a team of engineers who once worked at SAIC, or Science Application International Corp., a firm that regularly contracts with the Department of Defense.
VirnetX is probably best known for suing, then striking a $200 million settlement with Microsoft in May 2010 over allegations that Windows infringed on VirnetX's virtual private networking (VPN) patents.
In early 2012, VirnetX asked the court for permission to add iMessage to the lawsuit; previously it had only called out FaceTime, Apple's video chat application, by name. U.S. District Court Judge Leonard Davis granted that motion in mid-May.
J.P. Moreno, a private investor who goes by the nickname "floydrocks" on discussion forums, and is the author of a 90-page paper (download PDF) on the patent infringement case, is convinced that, like FaceTime, iMessage infringes VirnetX's patents. Moreno holds shares of VirnetX.
"When that email address is used with certificates for authentication with secure DNS servers, and also for secure communications between devices ... these concepts/work flows are based on VirnetX inventions," argued Moreno, referring to how iMessage operates. "Secure domain names, secure DNS servers, automatic encryption. This is all VirnetX."
In its responses to VirnetX's lawsuit, Apple has denied that FaceTime infringes the former's patents and prior to Davis' May 2012 ruling, argued that the inclusion of iMessage would be "highly prejudicial."
The same VirnetX lawsuit also alleged that Aastra, Cisco and NEC violated the firm's patents. Aastra settled with VirnetX in May 2012, and NEC followed on Aug. 3. Both settlements involved a one-time payment to VirnetX and ongoing licensing royalties.
According to federal court documents, the jury trial involving is to start Nov. 13.
Another investor said that Apple would be smart to acquire VirnetX as a way out.
John Ford, who contributes to the SeekingAlpha investment website, made the case. "After consulting with technical experts, I've come to the conclusion that Apple is either going to have to buy VirnetX or else pay huge settlement and royalty fees," said Ford in a May 2012 post.
Ford's argument rested on the fact that Apple might recoup its investment by collecting the licensing fees that will likely result from in-progress lawsuits, and from possible future filings against the likes of Google.
Ford also brought up VirnetX's $200 million payday two years ago.
"No defendant will want to go to trial. The defendants are keenly aware that in the Microsoft trial, VirnetX convinced a jury to rule against Microsoft," Ford said.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is email@example.com.