5-year old SMS security flaw in iOS has finally been discovered... by a hacker

5-year old SMS security flaw in iOS has finally been discovered... by a hacker
A relatively serious flaw in the way iOS handles SMS messages has been found by hacker and iOS security researcher pod2g. It appears that there are some phones (not only the iPhone) that are compatible with a number of advanced SMS functions, that become enabled if a hacker tinkers with the UDH (User Data Header) section of a text message. One of these advanced functions allows the user to specify a different reply-to path for the message than the original one (which would be the number that actually sends the message).

According to pod2g, the right way to implement this feature would be to make both the original and reply-to addresses visible to the recipient of the SMS. This way they will know which number has sent the message, and which number will receive the message once they reply. However, it looks like on the iPhone the user only sees the reply-to number, and they lose track of the original sender's number. This way, pod2g explains, it's very easy for a hacker to pretend that the message is send from a trusted source like your bank, when it actually isn't.

Here's the explanation directly from the horse's mouth:

According to the hacker, this kind of SMS flaw can be used for various bad stuff including someone pretending to be a trusted source, asking you to submit your personal data, or even a spoofed message acting as a false evidence.

Probably the most interesting thing about this whole story is that the flaw has been present ever since the launch of the original iPhone back in 2007, and continues to be around with the latest beta of iOS 6. pod2g presumes that other security researchers, as well as some pirates are also aware of it... which would be strange, because we should have known about this by now, if other security researchers like him were really aware.

source: pod2g's blog

Recommended Stories

Loading Comments...
FCC OKs Cingular\'s purchase of AT&T Wireless