Ios
featured
Ios
featured
Ios

iPhone 4S

Take note, iPhone users, as a new security flaw has been discovered that could be used to spoof the reply phone number of a text message. Uncovered by an iOS security researcher known as pod2g, the hole utilizes an option in the Protocol Description Unit (PDU), which is the protocol that allows different messages to be sent on mobile devices. Inside the PDU is a section called the User Data Header (UDH) that allows users to change the reply-to number of a message, among other things. This means that a message could be altered to feature a reply-to number that's different than the actual number that sent the message. The problem is that iOS devices don't show the actual sender's number, just the reply-to number that may be faked. This flaw reportedly exists in all versions of iOS, including the latest beta of iOS 6.

Using this method of SMS spoofing, a sender could try to get the recipient to send personal information by posing as a trusted party or to click on a link to a malicious website. It may seem obvious to some that sensitive information probably shouldn't be shared over a text message, some folks might end up doing it anyway. And while it's interesting to note that this problem has apparently been around since the original iPhone's debut but hasn't been exploited or even noticed until now, it's still something that Apple should probably look into. The company hasn't commented on the matter, but we'll give you a heads-up if it does.

UPDATE: Apple has responded to the issue, explaining that addresses are verified in iMessages to protect against this type of spoofing. The company goes on to say that customers sending messages over SMS rather than iMessage should be "extremely careful" if they're being sent to an unknown address. Apple's full statement, sent to Engadget, is as follows:

"Apple takes security very seriously. When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks. One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they're directed to an unknown website or address over SMS."

Via The Verge, pod2g, Engadget


Don't forget to VOTE! Each week, PhoneDog Fans vote for their #1 smartphone in the Official Smartphone Rankings. Vote now and contribute to the industry's most relevant weekly ranking charts


Products mentioned in this Article



eBay prices for the Apple iPhone 4S 16GB Black


Related posts



Comments & discussions  




Most popular Videos
Most popular Videos
Most popular Videos

Most popular Reactions
Most popular Reactions
Most popular Reactions

This weeks "People's Choice Rankings" best smartphones
People's Choice Rankings


See all hot devices