iPhone iOS bug makes iPhone open to SMS spoofing

Posted on by Caroline Siñel in SMS Abuse



iPhone iOS logoA bug in the iPhone IOS has been recently discovered by a hacker named, pod2g, that makes iPhone’s text messages vulnerable to SMS spoofing. This bug allows anyone to send a text message and make it appear as if it came from anybody (e.g. a friend, your crush, the president, your mom, the lottery, the bank, or any other source). It affects all current versions of iOS and iOS 6 beta 4. According to pod2g’s website:

The flaw exists since the beginning of the implementation of SMS in the iPhone, and is still there in iOS 6 beta 4.

In the text payload, a section called UDH (User Data Header) is optional but defines lot of advanced features not all mobiles are compatible with. One of these options enables the user to change the reply address of the text. If the destination mobile is compatible with it, and if the receiver tries to answer to the text, he will not respond to the original number, but to the specified one.

Most carriers don’t check this part of the message, which means one can write whatever he wants in this section : a special number like 911, or the number of somebody else. [Source: pod2g.org]

The bug is unique to the iPhone because of the way it handles the User Data Header (UDH). Since the iPhone’s SMS user interface doesn’t display the sender’s phone number, only the name of the sender, it would be hard for the recipient to know if the sender is legit.

Apple claims the bug lies in the SMS technology, not on the iOS itself. Therefore, they have no way of fixing it. Apple advised iPhone users to use iMessage instead.


Leave a comment

Your email address will not be published.


*