Friday, August 31, 2012

Serious Security Flaw: iPhone Bug Allows SMS Spoofing


A rather serious security flaw in the iPhone’s SMS messaging system has been discovered and revealed by well-known security researcher and jailbreak extraordinaire ‘pod2g’. He says the flaw affects all iPhones and could help hackers or thieves access your personal information.

The researcher claims that the flaw has actually been present in Apple’s iPhone software ever since the first iPhone was launched in 2007, but has not been picked up by anybody, including Apple, it seems.

The researcher revealed an SMS spoofing flaw that affects every version of Apple’s mobile OS. Using the flaw, hackers could spoof their identities via text and send messages asking for private information (by pretending to be from a user’s bank, for example), or direct users to phishing sites.

Users would be under the impression they were replying to the sender displayed on the screen of their iPhone, when in fact the text would be routed through to a different number without their knowledge.

pod2g highlights several ways in which malicious parties could take advantage of this flaw, including phishing attempts linking users to sites collecting personal information or spoofing messages for the purposes of creating false evidence or gaining a recipient's trust to enable further nefarious action.

…In the text payload, a section called UDH (User Data Header) is optional but defines a lot of advanced features not all mobiles are compatible with. One of these options enables the user to change the reply address of the text. If the destination mobile is compatible with it, and if the receiver tries to answer the text, he will not respond to the original number, but to the specified one.

In many cases the malicious party would need to know the name and number of a trusted contact of the recipient in order for their efforts to be effective, but the phishing example shows how malicious parties could cast broad nets hoping to snare users by pretending to be a common bank or other institution.

In the meantime, be prepared to update your iOS version as new options become available; as exploits are discovered, Apple typically works quickly to fix those issues whenever possible.
