Apple iOS SMS Vulnerability Could Expose You To Phishing


We usually turn to iOS hacker pod2g for news on the latest jailbreak, but the same kind of mind that’s good at tracking down the security exploits that allow unsigned code to be run is just as adept at spotting vulnerabilities elsewhere in the platform. That’s what pod2g’s been up to lately, and today he announced an issue with how iOS displays text messages that could be very useful to phishers or other crooks looking to scam you.

The problem is with a little-talked-about feature of the SMS protocol, allowing the sender of a text message to specify a different number at which to receive responses; you’ve probably seen the same sort of thing in an email a few times with the Reply-To field.

In a properly designed SMS implementation, the phone would display both the originating number and the reply number when you get one of these text messages. The problem with iOS is that it shows only the reply number, making it appear to the user as if that’s actually where the text came from. Since there’s no verification on that number, a sender can essentially make it appear as if a text came from anyone: your employer, your bank, or a government agency.
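The display rule described above, as an added example that is not from the article or from pod2g: it assumes the reply number travels as the Reply Address element (IEI 0x22) of the SMS User Data Header defined in 3GPP TS 23.040, a detail the article does not give. The function names and the sample header bytes are constructed for illustration.

```python
REPLY_ADDRESS_IEI = 0x22  # Reply Address element per 3GPP TS 23.040 (assumption, not in the article)

# Constructed sample header: a concatenation element followed by a Reply Address
# element carrying the fictional number +15555550100.
SAMPLE_UDH = bytes.fromhex("0F00032A0201" "2208" "0B915155550501F0")


def decode_address(field: bytes) -> str:
    """Decode an address field: digit count, type-of-address, nibble-swapped BCD digits."""
    if len(field) < 2:
        raise ValueError("address field too short")
    ndigits, toa, body = field[0], field[1], field[2:]
    if len(body) != (ndigits + 1) // 2:
        raise ValueError("digit count does not match field length")
    digits = "".join(f"{b & 0x0F:x}{b >> 4:x}" for b in body)[:ndigits]
    if not digits.isdigit():
        raise ValueError("non-decimal digit in address")
    # Type-of-number bits 001 mean an international number, shown with a leading "+".
    return ("+" if (toa & 0x70) == 0x10 else "") + digits


def reply_address(udh: bytes):
    """Walk the header's information elements; return the reply number or None."""
    if not udh:
        return None
    if udh[0] != len(udh) - 1:
        raise ValueError("UDHL does not match header length")
    pos = 1
    while pos < len(udh):
        if pos + 2 > len(udh):
            raise ValueError("truncated element header")
        iei, iedl = udh[pos], udh[pos + 1]
        data = udh[pos + 2 : pos + 2 + iedl]
        if len(data) != iedl:
            raise ValueError("truncated information element")
        if iei == REPLY_ADDRESS_IEI:
            return decode_address(data)
        pos += 2 + iedl
    return None


def sender_line(originator: str, udh: bytes = b"") -> str:
    """Header text for the UI: always the originating number, plus the reply number when it differs."""
    reply = reply_address(udh)
    if reply is None or reply == originator:
        return f"From {originator}"
    return f"From {originator} (replies go to {reply}, which is unverified)"


if __name__ == "__main__":
    print(sender_line("+15555550199", SAMPLE_UDH))
```

The malformed-header checks matter here because the header is supplied by the sender; a parser that fails closed lets the UI fall back to showing the originating number alone.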

Now that news of this vulnerability is public, we hope that Apple responds with a quick fix in time for the release of iOS 6. It seems simple enough to remedy, but in the meantime, think twice about just who may be sending the texts you receive.

Source: pod2g
Via: BGR

About The Author
Stephen Schenck
Stephen has been writing about electronics since 2008, which only serves to frustrate him that he waited so long to combine his love of gadgets and his degree in writing. In his spare time, he collects console and arcade game hardware, is a motorcycle enthusiast, and enjoys trapping blue crabs. Stephen's first mobile device was a 624 MHz Dell Axim X30, which he's convinced is still a viable platform. Stephen longs for a market where phones are sold independently of service, and bandwidth is cheap and plentiful; he's not holding his breath. In the meantime, he devours smartphone news and tries to sort out the juicy bits.