Security flaw in iOS lets hackers spoof texts

While dedicated hackers can be an annoyance to companies like Apple, they can sometimes be helpful when it comes to digging up potentially devastating  security vulnerabilities.

That’s certainly the case this morning, as Pod2G, a French iOS hacker/security researcher known for discovering jailbreaking techniques, has revealed an SMS spoofing flaw that affects every version of Apple’s mobile OS. Using the flaw, hackers could spoof their identities via text and send messages asking for private information (by pretending to be from a users’ bank, for example), or direct users to phishing sites.

As Pod2g explains it, an SMS text message is converted to Protocol Description Unit (PDU) when sent from a phone, a dense protocol that also handles things like voice mail alerts and emergency medical systems. If a hacker was able to send a message in raw PDU format, they could take advantage of the User Data Header section to alter the reply number for a text.

If properly implemented, you should see both the original texting address and the altered reply number. But on the iPhone, you only see the altered reply number. For whatever reason, the original sender gets hidden. The flaw only relates to texts on the iPhone, and not messages sent through Apple’s iMessage network (those don’t hit the SMS protocol at all).

Pod2G said he’ll be releasing an iPhone tool for raw PDU messaging soon, which should prove his findings. He thinks other security researchers are already aware of the SMS flaw, and he’s worried that hackers have caught wind as well.

We’ve asked Apple for further comment on this exploit, and we’ll report when we hear back.

Apple last year knocked security researcher Charlie Miller out of its developer program after he discovered a flaw allowing unapproved code to run in iOS.

Photo: Devindra Hardawar/VentureBeat