SMS spoofing vulnerability exposed in Apple's iOS

On August 17, 2012, 1:30 PM

A prominent jailbreaker who goes by the handle Pod2g has exposed a vulnerability in the way iOS interprets key SMS data that could allow scammers to gain sensitive information from iPhone users. Essentially, the flaw makes it possible to change the reply-to number in an SMS, so you might think you’re getting a text from a trusted source -- like a friend or even your bank -- when it’s actually someone else.

There’s no direct risk of code execution, so this is basically for social engineering types of scams. That said, with no way to verify the actual sender, it could be used to extract sensitive information from unsuspecting users or invite them to click on a link that loads a malicious or phishing website.

Pod2g explains the flaw in a blog post titled “Never trust SMS: iOS text spoofing”:

In the text payload, a section called UDH (User Data Header) is optional but defines a lot of advanced features not all mobiles are compatible with. One of these options enables the user to change the reply address of the text. […] In a good implementation of this, the receiver would see [both] the original phone number and the reply-to one. On iPhone, when you see the message, it seems to come from the reply-to number, and you lose track of the origin.

To take advantage of the SMS loophole, someone would need to be able to send texts in raw PDU format. Apparently, there are several smartphone tools readily available online for this, and Pod2g will be releasing his own soon to prove his findings. The security expert says the flaw has been present since the original iPhone, and still exists in iOS 6 beta 4. He’s asking Apple to correct the problem before the final release.




User Comments: 4

Guest said:

lol there's been an app on Cydia which allowed this for years

I sent a text to a friend and the number showed it as his gf,

nothing new, easy to do, just pirate that app. lol

lawfer, TechSpot Paladin, said:

I'm sure by the time it's released it'll be fixed.

Guest said:

Not everyone updates their phone so this is definitely a problem. How about people who don't have a plan that covers internet? Hell, one of my old providers got me to pay $150 because an app tried to update the day I bought the phone before I could deny internet access. It downloaded about 2mb

princeton said:

Not everyone updates their phone so this is definitely a problem. How about people who don't have a plan that covers internet? Hell, one of my old providers got me to pay $150 because an app tried to update the day I bought the phone before I could deny internet access. It downloaded about 2mb

Yes they do. The only people who do not update their version of iOS are people who don't want to lose their jailbreak. You don't have to do an OTA update through mobile internet, you can do it through iTunes or over WiFi.
