Bug in Apple iOS SMS

Tuesday, August 21, 2012 @ 03:08 PM gHale


An Apple iOS security researcher who goes by the handle pod2g found a bug in Apple’s iOS platform.

The bug, which pod2g said others should know about, is present in all versions of iOS up to and including iOS 6 beta 4. The bug essentially allows hackers to spoof the reply-to number in a text message.

RELATED STORIES
Fake Android Skype App Malware
Windows 8 Attack Surface Larger
Linux Flash gets Double Security
Exploited in the Sandbox

Text messages are of course bits of text sent between cellphones. Americans send billions and billions of them to one another each month. They’re such a common form of communication that most people probably never stop to think they might be insecure.

In a post on his blog, pod2g said text messages convert from the original text to PDUs (protocol description units), which go to the baseband and then fire off across the network.

“In the text payload, a section called UDH (user data header) is optional but defines [a] lot of advanced features not all mobiles are compatible with,” pod2g said. “One of these options enables the user to change the reply address of the text. If the destination mobile is compatible with it, and if the receiver tries to answer to the text, he will not respond to the original number, but to the specified one. Most carriers don’t check this part of the message, which means one can write whatever he wants in this section: A special number like 911, or the number of somebody else.”

Pod2g said bad guys could use this to send phishing messages via SMS. In one case, a person could receive a message that would appear to come from their bank, requesting information or sending them to a website. If they respond to the message, the reply wouldn’t go to the bank, but instead to the phisher. If you’re fool enough to send personal information via SMS, then you could be in a bit of trouble.

Pod2G also said attackers could send spoofed messages to your device that would appear to have come from you.



Leave a Reply

You must be logged in to post a comment.