iOS hacker and security researcher Cyril Cattiaux, better known as pod2g in the jailbreaking community, has returned to share a major new security flaw in the iPhone that allows SMS spoofing. While Cattiaux is better known for discovering exploits in iOS and releasing jailbreaking methods based on those vulnerabilities, this time around the hacker is urging Apple to fix this issue prior to the public release of iOS 6 in the Fall.
In layman’s terms, an SMS message is sent as a few bytes of data from one mobile device to another with the carrier transporting the information. According to the hacker, this data can easily be manipulated to show a different reply-to number, meaning that the user on the receiving end of the message could fall victim to a phishing attack or other malicious activity if they are sent messages that pretend to come from a reputable source: banks, places of employment and so forth.
“In the text payload, a section called UDH (User Data Header) is optional but defines a lot of advanced features not all mobiles are compatible with. One of these options enables the user to change the reply address of the text,” the hacker wrote. “If the destination mobile is compatible with it, and if the receiver tries to answer to the text, he will not respond to the original number, but to the specified one. Most carriers don’t check this part of the message, which means one can write whatever he wants in this section: a special number like 911, or the number of somebody else.”
The hacker notes that the iPhone is not the only mobile device vulnerable to this security flaw, although the issue has been present since the earliest days of SMS on the Apple smartphone. Hopefully, Apple can work in collaboration with mobile providers to fix this issue in the near future. Otherwise, the implications could be rather serious.
Image credit: Flickr / wikidavid