A new vulnerability has been found in Apple's iOS, mostly raising concerns among heavy texters. According to Pod2g’s report, the iPhone is vulnerable to a certain SMS spoofing attack. Read on for more.
Pod2g, the father of the famous Absinthe jailbreak, notes that the flaw has been there since the early days of the iPhone's text message (SMS) implementation, and that Apple has not addressed it even in the latest iOS 6 beta 4.
In order to understand why the iPhone is vulnerable to SMS spoofing, here is a basic how-to of SMS messaging, explained by Pod2g: An SMS is a few bytes of data converted to a PDU (Protocol Description Unit) by the mobile and sent to the carrier for delivery. Now, the PDU protocol allows several types of messages to be produced; so, in other words, it is pretty dense.
The problem lies in a section called the User Data Header (UDH), which is optional but hosts many advanced features that not all mobiles support. Since most carriers don’t check this essential part of the message, pirates could use it to impersonate someone else, for the simple reason that one of the aforementioned advanced options allows the user to change the reply address of the text. In other words, they can appear to be your bank or your friend while they are actually after your private data.
We don’t know if any pirates are already aware of this flaw, but Pod2g’s post asks Apple for immediate action to eliminate this vulnerability. The Cupertino company’s answer came a day after the report hit the Web and, once again, highlights Apple’s effort to make the iPhone the most secure smartphone on the consumer market.
"Apple takes security very seriously. When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks. One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they're directed to an unknown website or address over SMS," Apple informed its customers.