5-year-old SMS security flaw in iOS has finally been discovered... by a hacker
According to pod2g, the right way to implement this feature would be to make both the original and reply-to addresses visible to the recipient of the SMS. This way they will know which number has sent the message, and which number will receive the message once they reply. However, it looks like on the iPhone the user only sees the reply-to number, and they lose track of the original sender's number. This way, pod2g explains, it's very easy for a hacker to pretend that the message is sent from a trusted source like your bank, when it actually isn't.
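The display rule described above, as an added example that is not from pod2g's post or from any phone's own code: it reads the reply address out of a message's User Data Header and reports both numbers, with a warning when they differ. It assumes the reply address is carried as the Reply Address Element (identifier 0x22 in 3GPP TS 23.040) and that the header bytes have already been separated from the message text; the function names, phone numbers and header bytes are constructed for illustration.

```python
# Added example; all numbers and header bytes below are constructed samples.
REPLY_ADDRESS_IEI = 0x22  # assumption: Reply Address Element, 3GPP TS 23.040


def decode_address(field: bytes) -> str:
    """Decode an SMS address: digit count, type-of-address, swapped BCD digits."""
    if len(field) < 2:
        raise ValueError("address field too short")
    ndigits, toa, body = field[0], field[1], field[2:]
    if (toa >> 4) & 0x7 == 5:
        raise ValueError("alphanumeric addresses are not handled here")
    if len(body) != (ndigits + 1) // 2:
        raise ValueError("address length does not match digit count")
    digits = "".join(f"{b & 0x0F:x}{b >> 4:x}" for b in body)[:ndigits]
    if not digits.isdigit():
        raise ValueError("non-decimal digit in address")
    return ("+" if (toa >> 4) & 0x7 == 1 else "") + digits


def reply_address(udh: bytes):
    """Walk the UDH information elements; return the reply address or None."""
    if not udh or udh[0] != len(udh) - 1:
        raise ValueError("UDHL does not match header length")
    i = 1
    while i < len(udh):
        if i + 2 > len(udh) or i + 2 + udh[i + 1] > len(udh):
            raise ValueError("truncated information element")
        iei, ied = udh[i], udh[i + 2:i + 2 + udh[i + 1]]
        if iei == REPLY_ADDRESS_IEI:
            return decode_address(ied)
        i += 2 + len(ied)
    return None


def sender_display(originator: str, udh: bytes = b"") -> dict:
    """What the UI should show: the real sender, the reply target, a warning."""
    reply = reply_address(udh) if udh else None
    return {"from": originator, "replies_go_to": reply or originator,
            "warn": reply is not None and reply != originator}


# Constructed header: one reply-address element for +15555550199.
SAMPLE_UDH = bytes.fromhex("0a22080b915155550591f9")
# Constructed header: concatenation element only, no reply address.
CONCAT_UDH = bytes.fromhex("0500032a0201")

if __name__ == "__main__":
    print(sender_display("+15555550123", SAMPLE_UDH))
    print(sender_display("+15555550123", CONCAT_UDH))
```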
Here's the explanation directly from the horse's mouth:
According to the hacker, this kind of SMS flaw can be used for various bad stuff, including someone pretending to be a trusted source and asking you to submit your personal data, or even a spoofed message being used as false evidence.
Probably the most interesting thing about this whole story is that the flaw has been present ever since the launch of the original iPhone back in 2007, and continues to be around with the latest beta of iOS 6. pod2g presumes that other security researchers, as well as some pirates are also aware of it... which would be strange, because we should have known about this by now, if other security researchers like him were really aware.
source: pod2g's blog
1. PAPINYC (Posts: 2237; Member since: 30 Jul 2011)
I thought iOS was security flaw-proof and hacker-proof?
5. PAPINYC (Posts: 2237; Member since: 30 Jul 2011)
I know MACs are security flaw-proof and hacker-proof; everybody knows that. And, they never break while Apple Care is current (only the day after it expires).
15. The_Innovation (Posts: 538; Member since: 18 Jul 2012)
You've been misinformed. Do you know why there aren't any viruses or hacks for Macs? Because a very small percentage of the population actually uses a Mac. Most of the world run PC's. So the people making hacks and viruses, especially those that track information, want to gather that information from mass populations. If suddenly the same amount of Macs start being used as PC's, you'd have the same hacks and viruses in Macs.
In short, it's simply not worth the effort to hack Macs. But if a hacker wants to target someone specific running a Mac, he damn well can.
If God himself couldn't sink the Titanic, and an iceberg did, then Macs aren't safe from anything.
...just something to think about.
23. tizz06 (Posts: 11; Member since: 17 May 2012)
Thank you, someone that understands why Macs don't get infected with viruses. But yeah, Safari was hacked in 5 seconds in the PWN2OWN competition last year. Macs aren't that safe.
24. -box- (Posts: 3749; Member since: 04 Jan 2012)
I believe PAPINYC was being sarcastic, or at least that's how I interpreted it.
You are correct in that fewer people use Macs, but incorrect in believing there isn't ANY malware for them. There's plenty, and more and more each day as more glaring security flaws are exploited in the OS. Windows may have more malware created for it, but it's (Windows 7 and 8, that is; XP and prior are still metaphorical Swiss cheese, much like iOS) technically more secure and less vulnerable than OS X.
42. The_Innovation (Posts: 538; Member since: 18 Jul 2012)
I see it now...I think he was being sarcastic as well. Well in any event, let what I said just generally be known for anyone wondering why.
53. piyushkohli97 (Posts: 4; Member since: 14 Jul 2012)
You are wrong....
Do you know anything about Unix and Linux??
Search about Unix (Mac OS X & iOS) and also search about Linux (Android & Ubuntu, etc.).
Just check this out and you will get to know why Mac and iOS don't get malware.
I don't say that Mac doesn't get viruses, but the simple reason is it is very tough to make a virus for Mac.
43. master0fursinz (Posts: 104; Member since: 26 Apr 2010)
Wait a sec. I did read on BGR last year that Apple security is about a decade behind PC. This is coming from those so-called "security experts". But I do believe that they are vulnerable to viruses and hacks. It's just a matter of time before they become cheaper and mainstream like PC. Then again, we are talking about Apple.
14. bobfreking55 (Posts: 866; Member since: 15 Jul 2011)
lol. i thought so too.
if only itunes was dead, side-loading was allowed and a file manager was accessible... i'd switch to iOS even if it or it is not ''unhackable'' or crap. haha.
56. Pings (Posts: 301; Member since: 19 Dec 2008)
Pwn2own Apple is always the worst security/hacker wise.
54. kingpet13 (Posts: 139; Member since: 02 Feb 2012)
Sorry meant to thumb you up. Darn touchscreen
6. bloodline (Posts: 691; Member since: 01 Dec 2011)
"you shouldnt be using SMS anyway" - apple
18. Droid_X_Doug (Posts: 5609; Member since: 22 Dec 2010)
You should only be exchanging iMessages with other iMessage users. SMS is like un-protected, un-safe sex.
31. lyndon420 (Posts: 1713; Member since: 11 Jul 2012)
It's absolutely impossible to compromise iMessages?
57. neutralguy (Posts: 1152; Member since: 30 Apr 2012)
hey droid_x_doug, apple just read your comment and said, "why not do what droid_x_doug is saying?, working for a fix is time consuming. Let's just go with what he said and continue wasting our time suing other company instead of doing a fix!"
19. Savage (unregistered)
Lol, Expect Apple to disable the messaging feature straight-away!
7. paulyyd (Posts: 326; Member since: 08 Jan 2011)
lol my 5 year old macbook puts anything that has windows software on it to shame so hate all you want
13. mas11 (Posts: 1028; Member since: 30 Mar 2012)
My dad's 7 year-old Windows XP PC that's currently collecting dust in his basement can still run programs that your Mac only wishes it could.
38. PapaSmurf (Posts: 7721; Member since: 14 May 2012)
Best comment I've seen on this site in awhile.
8. Republican (Posts: 99; Member since: 05 Apr 2012)
Still the most powerful,successful and innovative os ever created. Built for the elite.
16. The_Innovation (Posts: 538; Member since: 18 Jul 2012)
*wants to set it as a default browser*
Well, so much for that.
20. Savage (unregistered)
And that's not it.
*puts mp3 in iPhone*
*wants to set it as ringtone*
41. The_Innovation (Posts: 538; Member since: 18 Jul 2012)
*tries to put mp3 in iPhone*
*has to download iTunes first*
Well, I've had just about enough.
27. Fallout09 (Posts: 413; Member since: 17 Oct 2011)
Last time I checked Elite build their own.... LINUX anyone?
30. true1984 (Posts: 586; Member since: 23 May 2012)
Finally, someone who knows computers! Ubuntu and Red Hat all day
36. -box- (Posts: 3749; Member since: 04 Jan 2012)
The elite what? Hipsters at overpriced-coffee shops?
Powerful? Not really, though plenty of decent programs written for it (which are more usable on a *gasp* Windows or Unix/Linux system).
Successful? Isn't it losing market share to Chromebooks? Oh, what's that, It's never had more than 10-15% market share? Wow.
Innovative? Puh-leeeze. It hasn't changed much in, what, 10 years? Windows has gone from XP to Vista to 7 and soon 8 since then. And don't say the cat updates are new OSes, they're not, even though you have to PAY FOR THEM.
9. mas11 (Posts: 1028; Member since: 30 Mar 2012)
That's when spending so little on research bites you in the ass. Just because your company's name is Apple doesn't mean you're hacker-proof.
10. jmoita2 (Posts: 930; Member since: 23 Dec 2011)
Five years??? Everybody's info has been compromised. So much for a "closed" environment...
11. The_Innovation (Posts: 538; Member since: 18 Jul 2012)
Well I'm glad I switched to an Android, after 5 years of using an iPhone.
40. The_Innovation (Posts: 538; Member since: 18 Jul 2012)
Thanks, best decision I ever made...as far as phones go.
44. gallitolimitededition (banned) (Posts: 18; Member since: 16 Aug 2012)
excuse me but so far the best decision would be the iphone as you stayed with the iphone for 5 years and you barely have a few months with the Nexus, too soon to see what decision was best at this point
46. The_Innovation (Posts: 538; Member since: 18 Jul 2012)
Yea see about that. It turns out, and you'll see this in many dictatorships, I was blinded, for five years because I didn't know any better. Now, I've reached the age of reasoning.
So, you're excused.
22. Savage (unregistered)
Wait a second. According to the article - "It appears that there are some phones (not only the iPhone) that are compatible with a number of advanced SMS functions, that become enabled if a hacker tinkers with the UDH (User Data Header) section of a text message"
Which other phones are you talking about?
33. skymitch89 (Posts: 1042; Member since: 05 Nov 2010)
Last I checked, the iPhone was a smartphone.
35. PapaSmurf (Posts: 7721; Member since: 14 May 2012)
Last time I checked, it's a smartphone for people with basic needs from a phone, so does it make it a basic smartphone?
37. -box- (Posts: 3749; Member since: 04 Jan 2012)
I wouldn't even call it a smartphone. It's a feature phone with a lot of apps and WiFi access. My old Nokia 5230 Nuron was able to run circles around the iphone4S, and only lacked its number of apps and WiFi, and that was considered an advanced feature phone, and had it WiFi would have been considered an entry-level smartphone
45. gallitolimitededition (banned) (Posts: 18; Member since: 16 Aug 2012)
A smartphone is a mobile phone built on a mobile computing platform, with more advanced computing ability and connectivity than a feature phone. the iphone is a smartphone
48. The_Innovation (Posts: 538; Member since: 18 Jul 2012)
You forgot to mention...the iPhone.
29. rallyguy (Posts: 533; Member since: 13 Mar 2012)
This only happens when you send an SMS while holding it wrong.
32. skymitch89 (Posts: 1042; Member since: 05 Nov 2010)
Now that this has been exposed, you know that Apple will do whatever they can to fix it.
50. Savage (unregistered)
Yep! But first they'll sue the hacker for revealing this flaw.
49. vickygamit (Posts: 29; Member since: 16 Aug 2012)
Who says Macs are safe? Thousands of Macs were attacked by trojans! Apple also changed their website's wording from virus-proof OS to secure OS!
51. balathegame (Posts: 5; Member since: 15 Aug 2012)
OH NO !! PHONE ARENA WHAT HAVE YOU DONE ??
JUST ABOUT APPLE FINISHED MILKING MONEY FROM THE LAW SUITS YOU HAVE SET OFF ANOTHER ONE !!
now apple will sue you for misleading the ipeople , using word sms, using the word apple , using the word ios and so on ...... ... they will ask you to pay 1 cent for every hit on this website !!!
52. balathegame (Posts: 5; Member since: 15 Aug 2012)
then they will sue the poor hacker for helping others !!!