Major spoofing flaw could trick you into leaking private information

Aug 17, 2012 08:58 GMT

Apple could be hard pressed to release an incremental software update to iOS 5 customers after the discovery of an SMS spoofing flaw by a renowned hacker.

Discovered a few days ago by jailbreaker Pod2g, the iOS text spoofing vulnerability is a serious one, so serious that Apple might have to push out an update just to fix this particular bug.

Pod2g reports on his blog, “I found a flaw in iOS that I consider to be severe, while it does not involve code execution. I am pretty confident that other security researchers already know about this hole, and I fear some pirates as well.”

He goes on to explain how the bug works and how a person with bad intentions could use it to their advantage, tricking others into thinking they are replying to a certain phone number when, in fact, they are replying to an entirely different number.

“In the text payload, a section called UDH (User Data Header) is optional but defines a lot of advanced features that not all mobiles are compatible with,” writes Pod2g.

“One of these options enables the user to change the reply address of the text. If the destination mobile is compatible with it, and if the receiver tries to answer to the text, he will not respond to the original number, but to the specified one,” he notes.

The security expert says most wireless operators don't check this part of the message. As such, “one can write whatever he wants in this section: a special number like 911, or the number of somebody else,” Pod2g explains.
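As an added illustration of the header Pod2g describes (this is not code from Pod2g or from the original article), the following Python decodes an SMS user data header and reports when a Reply Address Element would redirect replies away from the originating number. The element identifier 0x22 is taken from my reading of 3GPP TS 23.040, and the message bytes are constructed for the example.

```python
"""Inspect an SMS user data header (UDH) for a reply-address override.

Added example; the sample messages below are constructed, not captured.
The text body is kept raw (7-bit/UCS-2 unpacking is out of scope here).
"""
from typing import List, Optional, Tuple

REPLY_ADDRESS_IEI = 0x22  # Reply Address Element, assumed from 3GPP TS 23.040


def decode_address(ied: bytes) -> str:
    """Decode a TS 23.040 address field: digit count, type-of-address octet,
    then digits packed two per octet with the low nibble first (0xF pads)."""
    ndigits, toa = ied[0], ied[1]
    nibbles: List[int] = []
    for b in ied[2:]:
        nibbles += [b & 0x0F, b >> 4]
    digits = "".join(str(n) for n in nibbles[:ndigits])  # drops any 0xF pad
    international = (toa & 0x70) == 0x10  # type-of-number 001 = international
    return ("+" if international else "") + digits


def parse_udh(user_data: bytes) -> Tuple[List[Tuple[int, bytes]], bytes]:
    """Split user data into its UDH information elements and the text body.
    Layout: UDHL, then repeated (IEI, IE length, IE data) triples."""
    udhl = user_data[0]
    udh, body = user_data[1:1 + udhl], user_data[1 + udhl:]
    elements: List[Tuple[int, bytes]] = []
    i = 0
    while i + 2 <= len(udh):
        iei, ielen = udh[i], udh[i + 1]
        elements.append((iei, udh[i + 2:i + 2 + ielen]))
        i += 2 + ielen
    return elements, body


def check_reply_address(user_data: bytes, originating: str) -> Optional[str]:
    """Return the overriding reply address if the UDH would send the user's
    answer somewhere other than the originating number, else None."""
    for iei, ied in parse_udh(user_data)[0]:
        if iei == REPLY_ADDRESS_IEI and decode_address(ied) != originating:
            return decode_address(ied)
    return None


# Constructed samples: one carrying a reply-address override, one with only a
# concatenation element (IEI 0x00: reference, part count, part number).
SPOOFED_SAMPLE = bytes([0x0A, 0x22, 0x08, 0x0B, 0x91, 0x51, 0x55, 0x89, 0x67,
                        0x45, 0xF3]) + b"Your account needs verification"
BENIGN_SAMPLE = bytes([0x05, 0x00, 0x03, 0x2A, 0x02, 0x01]) + b"part one"
```

`check_reply_address(SPOOFED_SAMPLE, "+15551234567")` reports the diverted reply number, while the benign message yields `None`.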

The hacker is convinced that a good implementation of this feature (an exploit) would allow pirates to “send a message that seems to come from the bank of the receiver asking for some private information, or inviting them to go to a dedicated website.” In other words, a phishing attack.

Another potential scenario proposed by Pod2g: “one could send a spoofed message to your device and use it as false evidence.”

Finally, Pod2g believes this is a serious problem because the flaw could be used “to manipulate people, letting them trust that somebody or some organization texted them.”

After confirming the bug’s existence in iOS 6 beta 4 (the latest version in internal testing), the hacker urges Apple to fix the problem before the final release of the software.

The company could act in good faith by actually updating iOS 5 with an incremental update before iOS 6’s planned fall release.