5-year old SMS security flaw in iOS has finally been discovered... by a hacker
According to pod2g, the right way to implement this feature would be to make both the original and reply-to addresses visible to the recipient of the SMS. This way they will know which number has sent the message, and which number will receive the message once they reply. However, it looks like on the iPhone the user only sees the reply-to number, and they lose track of the original sender's number. This way, pod2g explains, it's very easy for a hacker to pretend that the message is send from a trusted source like your bank, when it actually isn't.
Here's the explanation directly from the horse's mouth:
According to the hacker, this kind of SMS flaw can be used for various bad stuff including someone pretending to be a trusted source, asking you to submit your personal data, or even a spoofed message acting as a false evidence.
Probably the most interesting thing about this whole story is that the flaw has been present ever since the launch of the original iPhone back in 2007, and continues to be around with the latest beta of iOS 6. pod2g presumes that other security researchers, as well as some pirates are also aware of it... which would be strange, because we should have known about this by now, if other security researchers like him were really aware.
source: pod2g's blog
1. PAPINYC (limited) 2 days ago posted on 17 Aug 2012, 09:52 38 3
I thought iOS was security flaw-proof and hacker-proof?
5. PAPINYC (limited) 2 days ago posted on 17 Aug 2012, 10:05 8 26
I know MACs are security flaw-proof and hacker-proof; everybody knows that. And, they never break while Apple Care is current (only the day after it expires).
15. The_Innovation posted on 17 Aug 2012, 10:46 28 2
You've been misinformed. Do you know why there aren't any viruses or hacks for Macs? Because a very small percentage of the population actually uses a Mac. Most of the world run PC's. So the people making hacks and viruses, especially those that track information, want to gather that information from mass populations. If suddenly the same amount of Macs start being used as PC's, you'd have the same hacks and viruses in Macs.
In short, it's simply not wroth the effort to hack Macs. But if a hacker wants to target someone specific running a Mac, he damn well can.
If God himself couldn't sink the Titanic, and an iceberg did, then Macs aren't safe from anything.
...just something to think about.
23. tizz06 posted on 17 Aug 2012, 11:31 6 1
thank you someone that understands y Mac's don't get infected wit viruses but yeah safari was hacked in 5 seconds in the PWN2OWN competition last year Mac's aren't that safe
24. -box- posted on 17 Aug 2012, 11:33 4 1
I believe PAPINYC was being sarcastic, or at least that's how I interpreted it.
You are correct in that fewer people use macs, but incorrect believing there isn't ANY malware for them. There's plenty, and more and more each day as more glaring security flaws are expolited in the OS. Windows may have more malware created for it, but it's (Windows 7 and 8, that is, XP and prior are still metaphorical swiss cheese, much like iOS) technicaly more secure and less vulnerable than OS X
42. The_Innovation posted on 17 Aug 2012, 15:46 0 1
I see it now...I think he was being sarcastic as well. Well in any event, let what I said just generally be known for anyone wondering why.
53. piyushkohli97 posted on 18 Aug 2012, 06:39 0 0
you are wrong....
do you know anything about unix and linux??
search about unix(mac osx & ios) and also search about linux(android & ubuntu,etc).
Just check this out you will get to know why mac and ios dont get malwares.
i dont say that mac dosent get viruses but simple reason is it is very tough to make a virus for mac.
43. master0fursinz posted on 17 Aug 2012, 17:56 0 0
Wait a sec. I did read on BGR last year that Apple security is about a decade behind PC. This is coming from those so called "security experts". But i do believe that they are vunerable to virus' and hacks. It just a matter of time before they become cheaper and mainstream like pc. Then again we are talking about Apple.
14. bobfreking55 posted on 17 Aug 2012, 10:46 2 0
lol. i thought so too.
if only itunes was dead, side-loading was allowed and a file manager was accessible... i'd switch to iOS even if it or it is not ''unhackable'' or crap. haha.
56. Pings posted on 18 Aug 2012, 13:03 0 0
Pwn2own Apple is always the worst security/hacker wise.
18. Droid_X_Doug posted on 17 Aug 2012, 11:17 11 1
You should only be exchanging iMessages with other iMessage users. SMS is like un-protected, un-safe sex.
31. lyndon420 posted on 17 Aug 2012, 13:33 0 0
It's absolutely impossible to compromise iMessages?
57. neutralguy posted on 18 Aug 2012, 22:20 0 0
hey droid_x_doug, apple just read your comment and said, "why not do what droid_x_doug is saying?, working for a fix is time consuming. Let's just go with what he said and continue wasting our time suing other company instead of doing a fix!"
19. Savage posted on 17 Aug 2012, 11:18 6 1
Lol, Expect Apple to disable the messaging feature straight-away!
7. paulyyd posted on 17 Aug 2012, 10:32 3 22
lol my 5 year old macbook puts anything that has windows software on it to shame so hate all you want
13. mas11 posted on 17 Aug 2012, 10:46 25 1
My dad's 7 year-old Windows XP PC that's currently collecting dust in his basement can still run programs that your Mac only wishes it could.
38. PapaSmurf posted on 17 Aug 2012, 13:52 11 1
Best comment I've seen on this site in awhile.
8. Republican posted on 17 Aug 2012, 10:34 3 24
Still the most powerful,successful and innovative os ever created. Built for the elite.
16. The_Innovation posted on 17 Aug 2012, 10:48 9 2
*wants to set it as a default browser*
Well, so much for that.
20. Savage posted on 17 Aug 2012, 11:19 12 2
And that's not it.
*puts mp3 in iPhone*
*wants to set it as ringtone*
41. The_Innovation posted on 17 Aug 2012, 15:44 5 2
*tries to put mp3 in iPhone*
*has to download iTunes first*
Well, I've had just about enough.
27. Fallout09 posted on 17 Aug 2012, 13:11 9 1
Last time I checked Elite build their own.... LINUX anyone?
30. true1984 posted on 17 Aug 2012, 13:33 5 1
Finally, someone who knows computers! Unbutu and Red Hat all day
36. -box- posted on 17 Aug 2012, 13:50 5 2
The elite what? Hipsters at overpriced-coffee shops?
Powerful? Not really, though plenty of decent programs written for it (which are more usable on a *gasp* Windows or Unix/Linux system).
Successful? Isn't it losing market share to Chromebooks? Oh, what's that, It's never had more than 10-15% market share? Wow.
Innovative? Puh-leeeze. It hasn't changed much in, what, 10 years? Windows has gone from XP to Vista to 7 and soon 8 since then. And don't say the cat updates are new OSes, they're not, even though you have to PAY FOR THEM.
9. mas11 posted on 17 Aug 2012, 10:34 13 2
That's when spending so little on research bites you in the ass. Just because your company's name is Apple doesn't mean you're hacker-proof.
10. jmoita2 posted on 17 Aug 2012, 10:35 8 2
Five years??? Everybody's info has been compromised. So much for a "closed" environment...
11. The_Innovation posted on 17 Aug 2012, 10:43 12 2
Well I'm glad I switch to an Android, after 5 years of using an iPhone.
40. The_Innovation posted on 17 Aug 2012, 15:39 2 1
Thanks, best decision I ever made...as far as phones go.
44. gallitolimitededition (banned) posted on 17 Aug 2012, 19:00 1 2
excuse me but so far the best decision would be the iphone as you stayed with the iphone for 5 years and you barely have a few months with the Nexus, too soon to see what decision was best at this point
46. The_Innovation posted on 17 Aug 2012, 19:59 2 1
Yea see about that. It turns out, and you'll see this in many dictatorships, I was blinded, for five years because I didn't know any better. Now, I've reached the age of reasoning.
So, you're excused.
22. Savage posted on 17 Aug 2012, 11:26 5 1
Wait a second. According to the article - "It appears that there are some phones (not only the iPhone) that are compatible with a number of advanced SMS functions, that become enabled if a hacker tinkers with the UDH (User Data Header) section of a text message"
Which other phones are you talking about?
33. skymitch89 posted on 17 Aug 2012, 13:45 2 1
Last I checked, the iPhone was a smartphone.
35. PapaSmurf posted on 17 Aug 2012, 13:50 3 2
Last time I've checked, its a smartphone for people with basic needs from a phone, so does it make it a basic smartphone?
37. -box- posted on 17 Aug 2012, 13:52 3 2
I wouldn't even call it a smartphone. It's a feature phone with a lot of apps and WiFi access. My old Nokia 5230 Nuron was able to run circles around the iphone4S, and only lacked its number of apps and WiFi, and that was considered an advanced feature phone, and had it WiFi would have been considered an entry-level smartphone
45. gallitolimitededition (banned) posted on 17 Aug 2012, 19:05 2 3
A smartphone is a mobile phone built on a mobile computing platform, with more advanced computing ability and connectivity than a feature phone. the iphone is a smartphone
48. The_Innovation posted on 17 Aug 2012, 20:45 0 1
You forgot to mention...the iPhone.
29. rallyguy posted on 17 Aug 2012, 13:26 6 1
This only happens when you send an SMS while holding it wrong.
32. skymitch89 posted on 17 Aug 2012, 13:35 0 0
Now that this has been exposed, you know that Apple will do whatever they can to fix it.
50. Savage posted on 18 Aug 2012, 01:56 1 0
Yep! But first they'll sue the hacker for revealing this flaw.
49. vickygamit posted on 17 Aug 2012, 22:48 0 0
who says macs are safe thousand of macs attacked by trojans ! apple also changed their website words virus proof OS to secure OS!
51. balathegame posted on 18 Aug 2012, 02:27 0 0
OH NO !! PHONE ARENA WHAT HAVE YOU DONE ??
JUST ABOUT APPLE FINISHED MILKING MONEY FROM THE LAW SUITS YOU HAVE SET OFF ANOTHER ONE !!
now apple will sue you for misleading the ipeople , using word sms, using the word apple , using the word ios and so on ...... ... they will ask you to pay 1 cent for every hit on this website !!!
52. balathegame posted on 18 Aug 2012, 02:29 0 0
then they will sue the poor hacker for helping others !!!