Hacker Points Out iOS Security Flaw That Allows iPhone Text Spoofing

Aug 17, 2012 09:15 PM

Security researcher and iPhone hacker pod2g has brought attention to a flaw in Apple's iOS that allows the user to change the reply address of an SMS message. This bug has been a part of the iPhone's SMS since the first iPhone in 2007, but Apple has yet to address it.

Basically, there's a section in the text payload called User Data Heading (UDH) that controls some advanced features, one of which is the reply address. By changing the reply address of a text message, you can make someone send a message to a different number than the one displayed on their screen. This is done by setting up an SMS gateway and sending a text in raw PDU format. There are plenty of tools online to do this, so in theory anyone with a smartphone could figure it out.

It's not exactly a simple process, but by doing this, someone could trick you into giving them information you thought you were sending to someone you know. Some examples given by pod2g include phishing scams and collecting false evidence. For example, you get a text from your "bank" with a link to a malicious website, or a text that gets you to divulge compromising information and then use it as evidence against you later.

Because it requires some technical knowledge, and in some cases access to your contacts, this probably isn't going to be a huge threat, but it's still good to err on the side of caution. Be wary of any text messages you receive asking for personal information or trying to get you to click on a link and, as pod2g says, "Never trust any SMS you received on your iPhone at first sight."

Want to learn more about spoofing? Check out one of our tutorials on spoofing your number or cloaking your email address.

Images by Ali-Hassan, Wayan Vota, Telegraph

Comments

No Comments Exist

Be the first, drop a comment!