Hacker finds flaw on iPhone Messages App that allows SMS Spoofing
World known iOS devices hacker pod2g has found a security hole on iPhone’s “Messages” app which allows SMS Spoofing. Now, if you are not quite sure that what exactly “SMS Spoofing” is, I would recommend you to visit the Wikipedia page or just do some Google search.
The vulnerability allows anyone to send messages to any iPhone user and make it look like that it came from a trustworthy source. Using this method a scammer can influence users to visit certain phishing sites to trap them.
On a blog post pod2g explains that text messages are basically converted to PDU or Protocol Description Unit by the mobile and passed to the baseband for delivery. This unit also carries a section called UDH or User Data Header. Even though this is an optional data of PDU but it can define lot of advance features supported by smartphones mostly. One of these feature enables the user to change the reply address of the text.
So, basically someone can send you a text by adding a different reply to number to misguide you. If you reply to that specific text it would not go to the original sender but to the reply address number which was changed by the original sender while sending the text. On iPhone receiver won’t see the original number rather they would see the reply to number. pod2g believes it can be exploited by anyone with little knowledge with a bad intention.
Pod2g, claims that it is a severe security flaw that Apple has overlooked from the very beginning of iPhone era. This flaw still exists on the iOS 6 beta 4 developers release. He urged to Apple to fix the problem before releasing the final version of iOS 6 which is going to be released with the launch of iPhone 5.