November 16, 2024
Pod2g Discovers Security Flaw in iOS That Allows for SMS Spoofing

Pod2g Discovers Security Flaw in iOS That Allows for SMS Spoofing

Posted August 17, 2012 at 8:29am by iClarified
Pod2g has announced the discovery of a security flaw in iOS that allows for spoofing of SMS messages.

The flaw has been present since the first iPhone and is still there in iOS 6 beta 4, notes the hacker.

In the text payload, a section called UDH (User Data Header) is optional but defines lot of advanced features not all mobiles are compatible with. One of these options enables the user to change the reply address of the text. If the destination mobile is compatible with it, and if the receiver tries to answer to the text, he will not respond to the original number, but to the specified one. Most carriers don't check this part of the message, which means one can write whatever he wants in this section : a special number like 911, or the number of somebody else.


In a good implementation of this feature, the receiver would see the original phone number and the reply-to one. On iPhone, when you see the message, it seems to come from the reply-to number, and you loose track of the origin.


Pod2g outlines some scenarios where this might be dangerous:
● pirates could send a message that seems to come from the bank of the receiver asking for some private information, or inviting them to go to a dedicated website. [Phishing]
● one could send a spoofed message to your device and use it as a false evidence.
● anything you can imagine that could be utilized to manipulate people, letting them trust somebody or some organization texted them.

As final warning, it's suggested that you never trust a SMS received on your iPhone at first sight, at least until Apple fixes the problem.

Read More



Pod2g Discovers Security Flaw in iOS That Allows for SMS Spoofing
Add Comment
Would you like to be notified when someone replies or adds a new comment?
Yes (All Threads)
Yes (This Thread Only)
No
iClarified Icon
Notifications
Would you like to be notified when we post a new Apple news article or tutorial?
Yes
No
Comments (7)
You must login or register to add a comment...
YoDude
YoDude - August 17, 2012 at 1:30pm
Yup there is JB for iPhone 4 and earlier bt still cydia wud not be available even after jailbreak!
jockep
jockep - August 17, 2012 at 2:49pm
Cydia can be installed, and you do not need Cydia to find exploits in messages app.
sh
sh - August 17, 2012 at 10:59am
If someone can write to the UDH they have enough SMSC access to spoof the sender address anyway so not really an important flaw.
iCrunch
iCrunch - August 17, 2012 at 8:36am
Looks like we'll get that jailbreak for iOS 6 in no time. :-P
Lunatis
Lunatis - August 17, 2012 at 10:51am
WTF does JB got to do with the subject?
Think first
Think first - August 17, 2012 at 12:20pm
It means someone was able to JB iOS6 that enabled them to confirm the flaw.
jockep
jockep - August 17, 2012 at 1:16pm
Well the jailbreak for iPhone 4 and earlier, tethred exist already. So doesn't mean untethred jailbreak will exist at release. It might do but this is no proof it does.
Recent. Read the latest Apple News.
RECENT
Tutorials. Help is here.
TUTORIALS
Where to Download macOS Sonoma
Where to Download macOS Ventura
AppleTV Firmware Download Locations
Where To Download iPad Firmware Files From
Where To Download iPhone Firmware Files From
Deals. Save on Apple devices and accessories.
DEALS