A security researcher based out of the UK put up a blog post late this week publicizing a security flaw in Apple’s iPhone SMS app.
According to the post, put up by “pod2g”, Apple’s current version of its SMS app makes it easy for a malicious individual to send a text message from a spoofed address.
In the text payload, a section called UDH (User Data Header) is optional but defines a lot of advanced features not all mobiles are compatible with. One of these options enables the user to change the reply address of the text. If the destination mobile is compatible with it, and if the receiver tries to answer to the text, he will not respond to the original number, but to the specified one.
Most carriers don’t check this part of the message, which means one can write whatever he wants in this section: a special number like 911, or the number of somebody else.
The result is that someone could send a seemingly benign text message that appears to originate from a trusted source but in reality contains spam of some sort or a link to a malicious website.
Why is it an issue?
- pirates could send a message that seems to come from the bank of the receiver asking for some private information, or inviting them to go to a dedicated website. [Phishing]
- one could send a spoofed message to your device and use it as false evidence.
- anything you can imagine that could be utilized to manipulate people, letting them trust somebody or some organization texted them.
Note though that the flaw does not apply to Apple’s iMessage protocol, as an iMessage is delivered as data and is not an SMS.