Pod2g Uncovers Security Flaw in Apple iOS that Allows SMS Spoofing

Pod2G, a well-known security researcher and member of the Chronic Dev Team, has uncovered a flaw in the iOS messaging system. Technically it may not be a bug so much as a design issue, but it leads Apple iPhone users to believe an SMS comes from the number given in the reply-to field of the SMS specification.

In an article, “Never Trust SMS: iOS Text Spoofing”, pod2g explains how the UDH (User Data Header) part of the PDU (Protocol Data Unit, the format used to send text messages, MMS, voicemail notifications, etc.) can be abused so that iPhone users see the reply-to number rather than the originating number, leading them to believe the text message comes from the reply-to number.

In the text payload, a section called UDH (User Data Header) is optional but defines a lot of advanced features that not all mobiles are compatible with. One of these options enables the user to change the reply address of the text. If the destination mobile is compatible with it, and if the receiver tries to answer the text, he will not respond to the original number, but to the specified one. Most carriers don’t check this part of the message, which means one can write whatever he wants in this section: a special number like 911, or the number of somebody else.

In a good implementation of this feature, the receiver would see the original phone number and the reply-to one. On iPhone, when you see the message, it seems to come from the reply-to number, and you lose track of the origin.
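As an added example (not pod2g's code or Apple's), the following parser reads an SMS-DELIVER PDU, walks the User Data Header, and returns the originating address (TP-OA) separately from any reply address carried in the UDH, so a client can render both the way the "good implementation" above describes. It assumes the reply address travels in the Reply Address Element (IEI 0x22 in 3GPP TS 23.040) coded like a TP-OA address field, and uses an 8-bit data coding scheme so the body needs no 7-bit unpacking; the PDU, numbers and text are constructed for the example.

```python
# Added example: surface TP-OA and the UDH reply address side by side.
# Assumes IEI 0x22 (Reply Address Element, 3GPP TS 23.040) carries an
# address coded like TP-OA. Sample PDU, numbers and text are constructed.
IEI_REPLY_ADDRESS = 0x22

def decode_semi_octets(data: bytes, ndigits: int) -> str:
    """Decode nibble-swapped BCD digits, dropping the 0xF filler nibble."""
    digits = []
    for b in data:
        digits.append(f"{b & 0x0F:X}")
        digits.append(f"{b >> 4:X}")
    return "".join(digits[:ndigits])

def parse_address(buf: bytes, pos: int):
    """Parse an address field: digit count, type-of-address, BCD digits."""
    ndigits, toa = buf[pos], buf[pos + 1]
    nbytes = (ndigits + 1) // 2
    number = decode_semi_octets(buf[pos + 2:pos + 2 + nbytes], ndigits)
    if toa & 0x70 == 0x10:               # international numbering plan
        number = "+" + number
    return number, pos + 2 + nbytes

def parse_sms_deliver(pdu: bytes) -> dict:
    """Return originator, UDH reply-to (if any) and body of an SMS-DELIVER."""
    udhi = bool(pdu[0] & 0x40)           # TP-UDHI: user data header present
    originator, pos = parse_address(pdu, 1)  # TP-OA, the real sender
    pos += 2 + 7 + 1                     # skip TP-PID, TP-DCS, TP-SCTS, TP-UDL
    ud, reply_to, body_start = pdu[pos:], None, 0
    if udhi:
        udhl, i = ud[0], 1
        while i < 1 + udhl:              # walk the information elements
            iei, iedl = ud[i], ud[i + 1]
            if iei == IEI_REPLY_ADDRESS:
                reply_to, _ = parse_address(ud[i + 2:i + 2 + iedl], 0)
            i += 2 + iedl
        body_start = 1 + udhl
    text = ud[body_start:].decode("latin-1")   # 8-bit DCS assumed
    return {"originator": originator, "reply_to": reply_to, "text": text}

def render(msg: dict) -> str:
    """Show the origin next to the reply-to instead of hiding it."""
    if msg["reply_to"] and msg["reply_to"] != msg["originator"]:
        return f"From {msg['originator']} (replies go to {msg['reply_to']}): {msg['text']}"
    return f"From {msg['originator']}: {msg['text']}"

# Constructed PDU: origin +15550001234, UDH reply address +18005550199.
SAMPLE_PDU = bytes.fromhex(
    "44 0B 91 5155001032F4 00 04 21807121450000 16"   # header, TP-UDL=22
    "0A 22 08 0B 91 8100550591F9"                     # UDH with reply address
) + b"Call us now"

if __name__ == "__main__":
    print(render(parse_sms_deliver(SAMPLE_PDU)))
```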

Examples of the severity of this Apple iOS flaw:

1. Pirates could send a message that seems to come from the receiver's bank asking for some private information, or inviting them to go to a dedicated website. [Phishing]

2. One could send a spoofed message to your device and use it as false evidence.

3. Anything you can imagine that could be used to manipulate people, letting them trust that somebody or some organization texted them.

Now you are alerted. Never trust any SMS you receive on your iPhone at first sight.

You can read a detailed explanation of the iOS text spoofing issue at pod2g’s blog.

