5-year old SMS security flaw in iOS has finally been discovered... by a hacker

5-year old SMS security flaw in iOS has finally been discovered... by a hacker
A relatively serious flaw in the way iOS handles SMS messages has been found by hacker and iOS security researcher pod2g. It appears that there are some phones (not only the iPhone) that are compatible with a number of advanced SMS functions, that become enabled if a hacker tinkers with the UDH (User Data Header) section of a text message. One of these advanced functions allows the user to specify a different reply-to path for the message than the original one (which would be the number that actually sends the message).

According to pod2g, the right way to implement this feature would be to make both the original and reply-to addresses visible to the recipient of the SMS. This way they will know which number has sent the message, and which number will receive the message once they reply. However, it looks like on the iPhone the user only sees the reply-to number, and they lose track of the original sender's number. This way, pod2g explains, it's very easy for a hacker to pretend that the message is send from a trusted source like your bank, when it actually isn't.

Here's the explanation directly from the horse's mouth:


According to the hacker, this kind of SMS flaw can be used for various bad stuff including someone pretending to be a trusted source, asking you to submit your personal data, or even a spoofed message acting as a false evidence.

Probably the most interesting thing about this whole story is that the flaw has been present ever since the launch of the original iPhone back in 2007, and continues to be around with the latest beta of iOS 6. pod2g presumes that other security researchers, as well as some pirates are also aware of it... which would be strange, because we should have known about this by now, if other security researchers like him were really aware.

source: pod2g's blog

Related phones

iPhone 4s
  • Display 3.5" 640 x 960 pixels
  • Camera 8 MP / 0.3 MP VGA front
  • Processor Apple A5, Dual-core, 800 MHz
  • Storage 64 GB

FEATURED VIDEO

56 Comments

1. PAPINYC

Posts: 2315; Member since: Jul 30, 2011

I thought iOS was security flaw-proof and hacker-proof? WTiF???

3. networkdood

Posts: 6330; Member since: Mar 31, 2010

like a MAC?

5. PAPINYC

Posts: 2315; Member since: Jul 30, 2011

I know MACs are security flaw-proof and hacker-proof; everybody knows that. And, they never break while Apple Care is current (only the day after it expires).

15. The_Innovation

Posts: 648; Member since: Jul 18, 2012

You've been misinformed. Do you know why there aren't any viruses or hacks for Macs? Because a very small percentage of the population actually uses a Mac. Most of the world run PC's. So the people making hacks and viruses, especially those that track information, want to gather that information from mass populations. If suddenly the same amount of Macs start being used as PC's, you'd have the same hacks and viruses in Macs. In short, it's simply not wroth the effort to hack Macs. But if a hacker wants to target someone specific running a Mac, he damn well can. If God himself couldn't sink the Titanic, and an iceberg did, then Macs aren't safe from anything. ...just something to think about.

23. tizz06

Posts: 15; Member since: May 17, 2012

thank you someone that understands y Mac's don't get infected wit viruses but yeah safari was hacked in 5 seconds in the PWN2OWN competition last year Mac's aren't that safe

24. -box-

Posts: 3991; Member since: Jan 04, 2012

I believe PAPINYC was being sarcastic, or at least that's how I interpreted it. You are correct in that fewer people use macs, but incorrect believing there isn't ANY malware for them. There's plenty, and more and more each day as more glaring security flaws are expolited in the OS. Windows may have more malware created for it, but it's (Windows 7 and 8, that is, XP and prior are still metaphorical swiss cheese, much like iOS) technicaly more secure and less vulnerable than OS X

42. The_Innovation

Posts: 648; Member since: Jul 18, 2012

I see it now...I think he was being sarcastic as well. Well in any event, let what I said just generally be known for anyone wondering why.

53. piyushkohli97

Posts: 5; Member since: Jul 14, 2012

you are wrong.... do you know anything about unix and linux?? search about unix(mac osx & ios) and also search about linux(android & ubuntu,etc). Just check this out you will get to know why mac and ios dont get malwares. i dont say that mac dosent get viruses but simple reason is it is very tough to make a virus for mac.

43. master0fursinz

Posts: 104; Member since: Apr 26, 2010

Wait a sec. I did read on BGR last year that Apple security is about a decade behind PC. This is coming from those so called "security experts". But i do believe that they are vunerable to virus' and hacks. It just a matter of time before they become cheaper and mainstream like pc. Then again we are talking about Apple.

14. bobfreking55

Posts: 866; Member since: Jul 15, 2011

lol. i thought so too. if only itunes was dead, side-loading was allowed and a file manager was accessible... i'd switch to iOS even if it or it is not ''unhackable'' or crap. haha.

39. wademvp91

Posts: 11; Member since: Nov 29, 2011

I see what you did there

56. Pings

Posts: 304; Member since: Dec 19, 2008

Pwn2own Apple is always the worst security/hacker wise.

2. networkdood

Posts: 6330; Member since: Mar 31, 2010

'OOPS!' ~ APPLE

54. kingpet13

Posts: 139; Member since: Feb 02, 2012

Sorry meant to thumb you up. Darn touchscreen

4. roscuthiii

Posts: 2383; Member since: Jul 18, 2010

"You're hacking it wrong." - Apple

6. bloodline

Posts: 706; Member since: Dec 01, 2011

"you shouldnt be using SMS anyway" - apple

18. Droid_X_Doug

Posts: 5993; Member since: Dec 22, 2010

You should only be exchanging iMessages with other iMessage users. SMS is like un-protected, un-safe sex.

57. neutralguy

Posts: 1152; Member since: Apr 30, 2012

hey droid_x_doug, apple just read your comment and said, "why not do what droid_x_doug is saying?, working for a fix is time consuming. Let's just go with what he said and continue wasting our time suing other company instead of doing a fix!"

19. Savage unregistered

Lol, Expect Apple to disable the messaging feature straight-away!

7. paulyyd

Posts: 340; Member since: Jan 08, 2011

lol my 5 year old macbook puts anything that has windows software on it to shame so hate all you want

13. mas11

Posts: 1034; Member since: Mar 30, 2012

My dad's 7 year-old Windows XP PC that's currently collecting dust in his basement can still run programs that your Mac only wishes it could.

26. Fallout09

Posts: 421; Member since: Oct 17, 2011

BURN!

38. PapaSmurf

Posts: 10457; Member since: May 14, 2012

Best comment I've seen on this site in awhile. +1.

55. paulyyd

Posts: 340; Member since: Jan 08, 2011

lol keep dreaming bud

8. Republican

Posts: 99; Member since: Apr 05, 2012

Still the most powerful,successful and innovative os ever created. Built for the elite.

12. mas11

Posts: 1034; Member since: Mar 30, 2012

Oh God you're back.

16. The_Innovation

Posts: 648; Member since: Jul 18, 2012

*downloads Chrome* *wants to set it as a default browser* *....F***!* Well, so much for that.

20. Savage unregistered

And that's not it. *puts mp3 in iPhone* *wants to set it as ringtone* -Well, FML!

41. The_Innovation

Posts: 648; Member since: Jul 18, 2012

*tries to put mp3 in iPhone* *has to download iTunes first* Well, I've had just about enough.

34. -box-

Posts: 3991; Member since: Jan 04, 2012

ZING!

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.