5-year old SMS security flaw in iOS has finally been discovered... by a hacker
According to pod2g, the right way to implement this feature would be to make both the original and reply-to addresses visible to the recipient of the SMS. This way they will know which number has sent the message, and which number will receive the message once they reply. However, it looks like on the iPhone the user only sees the reply-to number, and they lose track of the original sender's number. This way, pod2g explains, it's very easy for a hacker to pretend that the message is send from a trusted source like your bank, when it actually isn't.
Here's the explanation directly from the horse's mouth:
According to the hacker, this kind of SMS flaw can be used for various bad stuff including someone pretending to be a trusted source, asking you to submit your personal data, or even a spoofed message acting as a false evidence.
Probably the most interesting thing about this whole story is that the flaw has been present ever since the launch of the original iPhone back in 2007, and continues to be around with the latest beta of iOS 6. pod2g presumes that other security researchers, as well as some pirates are also aware of it... which would be strange, because we should have known about this by now, if other security researchers like him were really aware.
source: pod2g's blog