
Tuesday, August 28, 2012

SMS vulnerability could allow text spoofing on iOS devices

By Allyson Kazmucha, Friday, Aug 17, 2012 at 1:22 pm

pod2g has just published a blog post about an SMS vulnerability he has found in iOS that could allow someone to abuse the SMS protocol to spoof, or send fake, text messages. The issue has existed since the inception of iOS and is still present in iOS 6 beta 4.

He's now urging Apple to fix it.

He goes on to explain a bit about the protocol that is used to send SMS messages, PDU (Protocol Description Unit), and how it works.

PDU is a protocol that is pretty dense, allowing different types of messages to be emitted. Some examples: SMS, Flash SMS, Voice mail alerts, EMS, ... The specification is large and pretty complex. As an example, just to code the data, there are multiple possible choices: 7bit, 8bit, UCS2 (16bit), compressed or not, ...

The problem is that if you own a smartphone or a modem you have the ability to send messages in this raw type of format. There's also an optional section, UDH (User Data Header), that not all smartphones are compatible with but that allows more advanced features to be sent in a message. Some of these "more advanced features" include changing the reply-to address or sending the message from a different number altogether. The iPhone does support these features and contains a vulnerability that makes it susceptible to attacks by hackers that may choose to abuse this system.

pod2g lays out a few ways in which hackers could take advantage of this exploit:

- pirates could send a message that seems to come from the bank of the receiver asking for some private information, or inviting them to go to a dedicated website. [Phishing]
- one could send a spoofed message to your device and use it as false evidence.
- anything you can imagine that could be utilized to manipulate people, letting them trust somebody or some organization texted them.

There are tools already available that make it rather simple to manipulate this data on smartphones. He has also created a tool for the iPhone 4 that he plans on releasing. He is urging Apple to fix the issue before the public release of iOS 6, and warns that for the time being you should never trust an SMS message containing sensitive data on your iPhone.

Do you think releasing the tool will get Apple's attention or just cause more issues in the meantime for end users?

Source: pod2g

Allyson Kazmucha

How-to, Jailbreak, and DIY Editor at iMore, Founder of PXLFIX, Potter pundit, the ninja in your iOS.

There are 3 comments.

BLiNK says: Aug 17, 2012 at 2:01 pm

pod2g - Apple intern coming soon

kch50428 says: Aug 17, 2012 at 2:06 pm

Anybody that would send sensitive, personal information in an SMS reply is not practicing the best in protection and data security. Never send sensitive info over SMS - if anybody needs that info, give it to them over the phone, or best - in person.

GlennRuss says: Aug 17, 2012 at 4:59 pm

So true. Never send sensitive information in any kind of electronic mail system. The only reason these types of scams work is because people will still give out sensitive information. I had the bank call me about a problem. I asked for the person's name and extension. I advised him I would call him back. I then called the number on the back of my credit card, and finally got a live person, then got the fraud agent that called me. Never trust anything.
