News: Hacker Points Out iOS Security Flaw That Allows iPhone Text Spoofing

Hacker Points Out iOS Security Flaw That Allows iPhone Text Spoofing

Security researcher and iPhone hacker pod2g has brought attention to a flaw in Apple's iOS that allows the user to change the reply address of an SMS message. This bug has been a part of the iPhone's SMS since the first iPhone in 2007, but Apple has yet to address it.

Image via

Basically, there's a section in the text payload called User Data Heading (UDH) that controls some advanced features, one of which is the reply address. By changing the reply address of a text message, you can make someone send a message to a different number than the one displayed on their screen. This is done by setting up an SMS gateway and sending a text in raw PDU format. There are plenty of tools online to do this, so in theory anyone with a smartphone could figure it out.

It's not exactly a simple process, but by doing this, someone could trick you into giving them information you thought you were sending to someone you know. Some examples given by pod2g include phishing scams and collecting false evidence. For example, you get a text from your "bank" with a link to a malicious website, or a text that gets you to divulge compromising information and then use it as evidence against you later.

Image via

Because it requires some technical knowledge, and in some cases access to your contacts, this probably isn't going to be a huge threat, but it's still good to err on the side of caution. Be wary of any text messages you receive asking for personal information or trying to get you to click on a link and, as pod2g says, "Never trust any SMS you received on your iPhone at first sight."

Want to learn more about spoofing? Check out one of our tutorials on spoofing your number or cloaking your email address.

Want to start making money as a white hat hacker? Jump-start your hacking career with our 2020 Premium Ethical Hacking Certification Training Bundle from the new Null Byte Shop and get over 60 hours of training from cybersecurity professionals.

Buy Now (90% off) >

Other worthwhile deals to check out:

Images by Ali-Hassan, Wayan Vota, Telegraph

Join the Next Reality AR Community

Get the latest in AR — delivered straight to your inbox.

Be the First to Comment

Share Your Thoughts

  • Hot
  • Latest