Hacker Uncovers Serious SMS-Based Security Glitch On iPhone

Hacker Uncovers Serious SMS-Based Security Glitch On iPhone

When you talk about the iPhone and security, the main risk you think of is something to with jailbreaking or physically having it stolen. However iOS hacker Pod2g has discovered a major security issue to do with SMS, and it’s been there since day one of iOS, iDownloadBlog reports.

The glitch, should pirates exploit it, would allow them to phish for information by showing what seems to be the number of a bank or somebody else, when instead any reply would go directly to the pirate’s own number, potentially giving them access to valuable details.

He explains:

In the text payload, a section called UDH (User Data Header) is optional but defines lot of advanced features not all mobiles are compatible with. One of these options enables the user to change the reply address of the text. If the destination mobile is compatible with it, and if the receiver tries to answer to the text, he will not respond to the original number, but to the specified one.

Most carriers don’t check this part of the message, which means one can write whatever he wants in this section : a special number like 911, or the number of somebody else.

While this could be potentially be quite dangerous for somebody with no common sense, I think most would probably realise that your bank sending you texts is not normal (unless you’ve asked for it) and avoid it. Nevertheless, phishing exists for a reason which is people do fall for it quite often, and this security hole could make for a good attempt.

All versions of iOS (from the version present on the original iPhone to iOS 6 Beta 4) have this problem, and pod2g has implored Apple to fix it before the final release of iOS 6 in the autumn. It could potentially also be an issue on other phones, even though most probably don’t have it.

We’ll have to see what Apple does as it could be a huge problem for some while for others it could just be a nuisance. Nevertheless, it should be fixed ASAP.

  1. 786140 296017Youre so cool! I dont suppose Ive read anything in this way before. So nice to locate somebody by original thoughts on this topic. realy thanks for beginning this up. this fabulous web site is one thing that is needed on the internet, a person with a bit of originality. beneficial project for bringing a new challenge towards internet! 365075

  2. 652625 435814Wow that was strange. I just wrote an extremely long comment but following I clicked submit my comment didnt appear. Grrrr nicely Im not writing all that more than again. Regardless, just wanted to say fantastic blog! 637127

  3. 389278 445005Intriguing, but not ideal. Are you going to write far more? 453946

  4. 126907 177847You produced some decent points there. I looked on the web for that issue and discovered many people is going together with with the internet site. 987421

  5. 549131 946722youre in point of fact a good webmaster. The web site loading velocity is amazing. It seems that youre doing any distinctive trick. In addition, The contents are masterpiece. youve done a fantastic activity on this topic! 116997

  6. cvv carding says:

    307178 772748Visiting begin a business venture around the web generally indicates exposing your products or services moreover provider not only to some individuals inside your town, but however to a lot of future prospects who may possibly be over the web a lot of times. simple internet business 616922

  7. 674578 547901Howdy just wanted to give you a brief heads up and let you know several of the pictures arent loading properly. Im not certain why but I think its a linking problem. Ive tried it in two different internet browsers and both show exactly the same outcome. 997505

  8. 785750 298986A blog like yours ought to be earning a lot funds from adsense.~::- 46113

Leave a Reply

Your email address will not be published.