Major iPhone Security Flaw Permits Numerous Forms Of Malicious Attacks


Earlier today, pod2g (famed iOS security expert behind the 5.1.1 Untethered Jailbreak exploit) published his findings on a very troublesome iOS security issue. The newly discovered vulnerability could allow attackers to "spoof" SMS messages, meaning an individual can send a message that appears to come from an authentic source.

The root of this issue lies in the way iOS handles User Data Header (UDH) information, which includes a multitude of advanced features and options, some of which are exclusive to iOS. Unfortunately, one of these options lets the sender set the number a user's reply is sent to, so that it differs from the original sending number.

In the text payload, a section called UDH (User Data Header) is optional but defines a lot of advanced features not all mobiles are compatible with. One of these options enables the user to change the reply address of the text. If the destination mobile is compatible with it, and if the receiver tries to answer the text, he will not respond to the original number, but to the specified one.

Most carriers don’t check this part of the message, which means one can write whatever he wants in this section: a special number like 911, or the number of somebody else.
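For defenders, the reply-address option described above is visible in the raw message. The following Python sketch is an added example, not code from pod2g's report or from this article: it parses a received SMS-DELIVER TPDU and flags a UDH Reply Address element (IEI 0x22 in 3GPP TS 23.040) that differs from the sender. The sample messages, the 555 numbers and the function names are constructed for illustration, and the TPDU is assumed to arrive without an SMSC prefix.

```python
# Added example: inspect a received SMS-DELIVER TPDU for a UDH Reply Address element.
REPLY_ADDRESS_IEI = 0x22  # "Reply Address Element" in 3GPP TS 23.040

def decode_address(buf, pos=0):
    """Decode a TS 23.040 address field; return (number, position after it)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated address")
    ndigits, toa = buf[pos], buf[pos + 1]
    raw = buf[pos + 2 : pos + 2 + (ndigits + 1) // 2]
    if len(raw) * 2 < ndigits:
        raise ValueError("truncated address")
    # Semi-octets are stored low nibble first; alphanumeric senders are not handled.
    digits = "".join(f"{b & 0x0F:x}{b >> 4:x}" for b in raw)[:ndigits]
    prefix = "+" if (toa & 0x70) == 0x10 else ""  # type-of-number: international
    return prefix + digits, pos + 2 + len(raw)

def inspect_deliver(pdu_hex):
    """Return sender, UDH reply address (or None) and whether they differ."""
    pdu = bytes.fromhex(pdu_hex)
    if not pdu or pdu[0] & 0x03:
        raise ValueError("not an SMS-DELIVER TPDU")
    sender, pos = decode_address(pdu, 1)
    pos += 2 + 7 + 1  # skip TP-PID, TP-DCS, TP-SCTS and TP-UDL
    reply_to = None
    if pdu[0] & 0x40:  # TP-UDHI set: user data begins with a header
        if pos >= len(pdu) or pos + 1 + pdu[pos] > len(pdu):
            raise ValueError("truncated user data header")
        ie, end = pos + 1, pos + 1 + pdu[pos]
        while ie + 2 <= end:  # walk the information elements (IEI, length, data)
            iei, iedl = pdu[ie], pdu[ie + 1]
            if ie + 2 + iedl > end:
                raise ValueError("malformed information element")
            if iei == REPLY_ADDRESS_IEI:
                reply_to, _ = decode_address(pdu[ie + 2 : ie + 2 + iedl])
            ie += 2 + iedl
    return {"sender": sender, "reply_to": reply_to,
            "mismatch": reply_to is not None and reply_to != sender}

# Constructed sample TPDUs (fictional 555-01xx numbers, 8-bit payload "Hi").
PLAIN = "04 0891 51551000 00 04 21807121000000 02 4869"
WITH_REPLY = "44 0891 51551000 00 04 21807121000000 0B 08 22 06 0891 51551099 4869"

if __name__ == "__main__":
    for name, pdu in (("plain", PLAIN), ("reply-address", WITH_REPLY)):
        print(name, inspect_deliver(pdu))
```

A gateway or forensic tool that sees raw TPDUs can surface the `mismatch` flag; the point the report makes is that the handset UI gives the recipient no such indication.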

This severe exploit could leave iPhone owners vulnerable to SMS spoofing and various other attacks. These include phishing attempts that drive users to harmful sites that collect sensitive personal information, the sending of a spoofed message to provide falsified evidence, and obtaining information by first gaining the user’s trust under a pseudo-identity.

In most instances, the attacker would require the name and number of an individual associated with the recipient to execute an effective data mining scheme. However, it’s possible to display virtually any number, leaving the possibility of posing as an authoritative figure or corporation (e.g. a bank) wide open for exploitation.

In his report, pod2g asks that Apple address this issue as quickly as possible, and with all of the various applications for this security flaw, how could they refuse? Stay tuned for additional coverage on the situation and other iOS vulnerabilities.

Owner and webmaster of Jailbreak Tech Info. Tanner is also a professional Jailbreak tutorial writer, the main reporter for Jailbreak Tech Info and owner of the YouTube channel iCrackUriDevice. Feel free to shoot him an email at Tanner@BestTechInfo.com with any questions or comments.

  • NJezzy

    I’ve known about spoof texting for a while. How is this different?

  • Oliver Kenworthy

    Oh dear! Fair play to Pod2g as usual.

  • twekeer

    Wow, that is a serious flaw indeed.