A prominent jailbreaker known as pod2g has discovered a serious flaw in iOS that could allow people to spoof their identity and make text messages appear as though they’re originating from a different source.
In a blog post last Friday, pod2g remarked that the flaw could have “severe” security consequences, despite it not involving code execution. The hacker noted that all versions of iOS, including the iOS 6 beta, are at risk, and implored Apple to fix it before that update is released.
According to pod2g, the vulnerability lies within the User Data Header (UDH), a section of the SMS payload that lets a sender change the reply address of any message they send. For example, you could send an SMS from your iPhone and have any reply go to your BlackBerry or Galaxy S3 instead.
Normally, iPhone users would be able to see when the reply number is different from the one from which the message originated, but when the vulnerability has been exploited, iPhone users see only the reply-to number and lose track of the origin of the SMS.
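To make the mechanism concrete from the receiving side, here is an added example (not code from pod2g or from this article) that parses a received SMS-DELIVER PDU and reports both the originating address and any reply address carried in the UDH. It assumes a hex PDU with the SMSC prefix, as a modem returns in PDU mode, and the Reply Address element identifier 0x22 from 3GPP TS 23.040; the function names and sample PDUs are constructed for illustration.

```python
IEI_REPLY_ADDRESS = 0x22  # Reply Address Element in 3GPP TS 23.040

# Constructed samples with fictional numbers; both carry the 8-bit body "hi".
SAMPLE_WITH_REPLY_ADDR = ("00" "44" "0891" "51551000" "00" "04" "21807121000000"
                          "0B" "08" "2206" "0891" "51551099" "6869")
SAMPLE_PLAIN = ("00" "04" "0891" "51551000" "00" "04" "21807121000000"
                "02" "6869")

def decode_address(buf, pos):
    """Decode a TS 23.040 address field at buf[pos]; return (text, next_pos)."""
    digits, toa = buf[pos], buf[pos + 1]
    nbytes = (digits + 1) // 2
    raw = buf[pos + 2:pos + 2 + nbytes]
    if len(raw) < nbytes:
        raise ValueError("truncated address")
    # Digits are nibble-swapped BCD; alphanumeric senders are not decoded here.
    text = "".join(f"{b & 0x0F:x}{b >> 4:x}" for b in raw)[:digits]
    if (toa & 0x70) == 0x10:              # type-of-number: international
        text = "+" + text
    return text, pos + 2 + nbytes

def inspect_deliver_pdu(hex_pdu):
    """Return the TP-OA sender, the UDH reply address (or None) and a flag."""
    buf = bytes.fromhex(hex_pdu)
    pos = 1 + buf[0]                      # skip the SMSC information prefix
    first = buf[pos]
    if (first & 0x03) != 0x00:            # TP-MTI 00 = SMS-DELIVER
        raise ValueError("not an SMS-DELIVER PDU")
    has_udh = bool(first & 0x40)          # TP-UDHI: user data starts with a UDH
    sender, pos = decode_address(buf, pos + 1)
    pos += 2 + 7 + 1                      # TP-PID, TP-DCS, TP-SCTS, TP-UDL
    reply = None
    if has_udh:
        end = pos + 1 + buf[pos]          # UDHL counts the octets that follow it
        pos += 1
        while pos + 2 <= end:             # walk the information elements
            iei, iedl = buf[pos], buf[pos + 1]
            if pos + 2 + iedl > end:
                raise ValueError("information element overruns the UDH")
            if iei == IEI_REPLY_ADDRESS:
                reply, _ = decode_address(buf, pos + 2)
            pos += 2 + iedl
    return {"sender": sender, "reply_to": reply,
            "mismatch": reply is not None and reply != sender}
```

A mismatch is not proof of spoofing, since the reply address has legitimate uses, but it is exactly the difference the affected iOS display hides from the recipient.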
The obvious risk is that this vulnerability could be exploited by scammers; for example, they could send an SMS claiming to be from your bank, asking you to click a link and verify your account info.
pod2g concludes: “Now you are alerted. Never trust any SMS you received on your iPhone at first sight.”
Pod2g didn’t mention whether or not he had alerted Apple to the flaw, but the company later made the following statement to Engadget:
“When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks. One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they’re directed to an unknown website or address over SMS.”
All eyes will now be on Apple to see if this security flaw is fixed ahead of iOS 6’s public launch later this year.