Pod2g uncovers major SMS security flaw in iOS

Aug 17, 2012

Despite the fact that Apple continues to receive praise for the security in iOS, hackers continue to discover vulnerabilities. Just look at all of the exploits that have been used in past jailbreaks.

Today, Pod2g adds another one to that list with his newly discovered SMS flaw. It has to do with the way the iPhone handles SMS, and could open the doors for text message spoofing…

From pod2g’s blog post:

“A SMS text is basically a few bytes of data exchanged between two mobile phones, with the carrier transporting the information. When the user writes a message, it’s converted to PDU (Protocol Description Unit) by the mobile and passed to the baseband for delivery…

…In the text payload, a section called UDH (User Data Header) is optional but defines a lot of advanced features not all mobiles are compatible with. One of these options enables the user to change the reply address of the text. If the destination mobile is compatible with it, and if the receiver tries to answer the text, he will not respond to the original number, but to the specified one.”

He goes on to say that in a safe implementation of this feature, the recipient of a text would see the original phone number and the reply-to one. But on the iPhone, only the reply-to number appears.
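The "safe implementation" described above can be sketched as a receive-side check. This is an added example, not code from pod2g or Apple: it parses an SMS-DELIVER TPDU, reads the network-supplied originating address and any reply address carried in the UDH, and builds a display line that shows both. The element identifier 0x22 comes from 3GPP TS 23.040 rather than from this page; the sample TPDUs, phone numbers and function names are constructed for illustration, and the sketch assumes numeric addresses and a TPDU with the SMSC prefix already stripped.

```python
REPLY_ADDRESS_IEI = 0x22  # Reply Address Element per 3GPP TS 23.040 (assumption, not on the page)

# Constructed SMS-DELIVER TPDUs (SMSC prefix stripped); the numbers are made-up test values.
WITH_REPLY_ADDR = "440B912120550501F00004218071210000000D0A22080B912120550591F96869"
PLAIN = "040B912120550501F0000421807121000000026869"

def decode_address(buf, pos=0):
    """Decode a numeric address field: digit count, type-of-address, swapped BCD."""
    if pos + 2 > len(buf):
        raise ValueError("truncated address field")
    ndigits, toa = buf[pos], buf[pos + 1]
    raw = buf[pos + 2 : pos + 2 + (ndigits + 1) // 2]
    if len(raw) * 2 < ndigits:
        raise ValueError("truncated address digits")
    digits = "".join(f"{b & 0x0F:x}{b >> 4:x}" for b in raw)[:ndigits]
    prefix = "+" if (toa & 0x70) == 0x10 else ""  # international number
    return prefix + digits, pos + 2 + len(raw)

def inspect_deliver(tpdu_hex):
    """Return the network-supplied sender and any reply address found in the UDH."""
    buf = bytes.fromhex(tpdu_hex)
    if not buf or (buf[0] & 0x03) != 0x00:
        raise ValueError("not an SMS-DELIVER TPDU")
    sender, pos = decode_address(buf, 1)      # TP-OA
    pos += 1 + 1 + 7 + 1                      # skip TP-PID, TP-DCS, TP-SCTS, TP-UDL
    reply_to = None
    if buf[0] & 0x40:                         # TP-UDHI: user data begins with a UDH
        if pos >= len(buf) or pos + 1 + buf[pos] > len(buf):
            raise ValueError("truncated user data header")
        end = pos + 1 + buf[pos]              # UDHL counts the octets after itself
        pos += 1
        while pos + 2 <= end:                 # walk the information elements
            iei, iedl = buf[pos], buf[pos + 1]
            if pos + 2 + iedl > end:
                raise ValueError("information element overruns the header")
            if iei == REPLY_ADDRESS_IEI:
                reply_to, _ = decode_address(buf[pos + 2 : pos + 2 + iedl])
            pos += 2 + iedl
    mismatch = reply_to is not None and reply_to != sender
    return {"sender": sender, "reply_to": reply_to, "mismatch": mismatch}

def display_line(info):
    """Show the real sender, and the reply target whenever it differs."""
    if info["mismatch"]:
        return f"From {info['sender']} (replies go to {info['reply_to']})"
    return f"From {info['sender']}"
```
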

As you can imagine, this could cause all kinds of problems. There are a lot of services that use text messages to verify accounts and account info, and then there’s the whole personal aspect.

The security expert says that the flaw first appeared in the original iPhone, and still exists in iOS 6 beta 4. He’s pleading with Apple to correct the problem before the final release.

And they have good reason to. Pod2g also notes in the post that he’s working on a utility that enables you to recreate this problem, without all of the hacking, and plans to release it soon.

  • Sara Pilling

    Yeah but anyone with a brain and common sense wouldn’t be so daft as to reply to a bank requesting that info. I know my bank sure as hell wouldn’t request that info.

    • http://www.facebook.com/profile.php?id=1368694057 Jean Claude Tohme

      Yeah but there are some messages that come in more convenient ways and more formal…

  • selcukcura

    I’ve personally witnessed many spoofs using this method with my iphone. Apple seriously needs to fix it.

  • Sara Pilling

    I just delete any suspicious looking messages like this or don’t answer any unknown numbers.

    • http://www.facebook.com/stephen.m.simon Stephen Michael Simon

      Same here! I usually just send a “STOP” or add them to iBlacklist

      • http://yoursn0w.com Ali Wadi

        You never know, sometimes when you just hit reply they can easily access your device like you give them permission to!

      • Hakim Bawa

        Uhh… Source?

  • http://www.facebook.com/profile.php?id=1368694057 Jean Claude Tohme

    Pod2G is amazing, he really cares for the community and has helped us in enormous ways.

    • Dlevi309

      I think everyone should at least donate 1 dollar to repay him for how much he’s done :D

  • http://www.facebook.com/CL3M3NTY3O Clement Yeo

    Apple will hire Pod2G?

    • @dongiuj

      I hope not. We need him more than apple (^_−)

      • http://twitter.com/HernandezEnoc1 Enoc hernandez

        I agree with you!!!!!

    • Daff Yheng

      Wouldn’t be surprised.

  • http://twitter.com/Eichi0 Eichi

    What’s that theme in the picture?

    • cruzcontrol1001

      Ayecon

  • Gustaf

    What theme is that?

  • http://www.facebook.com/profile.php?id=604885391 Richard Borkovec

    Something this serious that’s been around since iPhone OS 1 really needs to be fixed. I’m sure it wouldn’t have taken more than 20 lines of coding to fix, and they could even have a toggle if you wanted it to show both the sending and reply to number, all under the “Security” section. Apple’s been getting really serious with security, so I can see this getting fixed before the release.

  • http://twitter.com/AflekBen Немања

    The theme is called Ayecon by Surenix.

    • http://www.facebook.com/stephen.m.simon Stephen Michael Simon

      Best theme out there, hands down! Just wondering why someone would give this a “Thumbs Down” WTF is wrong with people? All you did is state what the theme was, how could someone not like that?

  • Jerry Jordan

    Not seeing the problem here the way iDB states it. You would want to reply to the reply-to, if they spoofed it to a known contact then the known contact would get the info. The only way I see a problem is if the original number was displayed on the iPhone and the reply-to was hidden and changed to the low-life’s number.

  • Techpm

    I hope there’s something lost in translation, or is this the pwn community trying a hoax like the screw story? :-)

    If this story is true and the only thing that was found is people can spoof the number that shows up, then I’m sorry but this is a nothing.

    SMSs have been spoofable ever since they were created. On any phone.
    It’s as bad as Caller ID. There are dozens of sites around that let you do it.

  • http://twitter.com/FreeManRepo Majd Alfhaily

    it’s pretty funny to see that the Bank uses iMessage to send SMS to their consumers :P

  • macinfo

    Per usual, the clueless, with no comprehension of the obvious that this issue has been around since the dawn of SMS, affects far more than the iPhone, and a hacker trying to make money from the clueless and make a name for himself gets accolades. what’s wrong with this picture.