iOS Hacker Discovers Major SMS Security Flaw In The iPhone


zc

iOS hacker and security researcher Pod2g has uncovered a major SMS security flaw with the iPhone that could lead to text message spoofing. The problem is with the way in which the iPhone handles text messages, and it’s present in the latest version of iOS — including the iOS 6 beta 4 release. However, Pod2g insists he’s pleading with Apple to get it fixed.

In a post on his blog, Pod2g explains the issue, and why it’s a particular problem with the iPhone:

“A SMS text is basically a few bytes of data exchanged between two mobile phones, with the carrier transporting the information. When the user writes a message, it is converted to PDU (Protocol Description Unit)  by the mobile and passed to the baseband for delivery.

[…] In the text payload, a section called UDH (User Data Header) is optional but defines lot of advanced features not all mobiles are compatible with. One of these options enables the user to change the reply address of the text. If the destination mobile is compatible with it, and if the receiver tries to answer to the text, he will not respond to the original number, but to the specified one.

Most carriers don’t check this part of the message, which means one can write whatever he wants in this section : a special number like 911, or the number of somebody else.”

Why is this a problem with the iPhone? Because on the iPhone, when you receive a text message, you only see the “reply-to” number — not the original one. Pod2g then provides a number of examples in which this could be a serious security issue.

For example, it could be used to send phishing that appear to come from your bank, but actually go to a different recipient when you reply.

It’s unclear how easy it is for hackers to intercept your messages, but Pod2g considers this a “severe” security flaw. He also explained that he’s confident other security researchers will already be aware of the issue, and “some pirates as well.”

Advertisements

One thought on “iOS Hacker Discovers Major SMS Security Flaw In The iPhone

  1. Stacee Cacciatore says:

    The computer connectivity of the HTC Legend is implemented quite well. It uses a Micro-USB port, so it should be compatible with all of your other Micro-USB devices. This is really a welcome relief if you’ve been utilizing a cell-phone which uses proprietary connectivity ports.1 of the best new features is FriendFeed. If you like chatting with your friends on social networking sites like Twitter, Facebook, and Flickr, then you will love this feature. It basically combines all of the social networking sites into one place so that you don’t need to keep hopping back and forth between them to keep checking your status updates.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s