If you’re an iPhone owner, then you should be careful before responding to any text messages. French jailbreak developer and iOS security researcher Pod2G has found a flaw in iOS messaging system for which hackers or thieves could access your personal information. The flaw involves a malicious party spoofing the “reply” to number. According to Pod2G, this flaw is present in all versions of iOS up to and including the latest iOS 6 beta 4.
When a user writes a message, the mobile converts the message into Protocol Description Unit (PDU). PDU is a protocol that handles the sending and receiving of various types of messages in mobile devices. As soon as the sender sends the message, the mobile passes the converted message to the baseband for delivery. On the other side, there is a section called User Data Header (UDH) in the text payload which defines a lot of advanced features. One of these options enables the user to change the reply address of the text from the original one. In fact, the message header as well as the email header can be exploited since carriers don’t check for the validity of this information when used by third-parties.
According to the analysis of Pod2G, not only the iPhone but also there are some other phones that are compatible with a number of advanced SMS functions which can be enabled if a hacker tinkers with the UDH (User Data Header) section of a text message. It means, if the destination mobile is compatible with UDH, and if the receiver tries to reply to that text, then the message receiver will not respond to the original number, but to the specified one.
Here are some examples of Apple iOS flaw:
- Pirates could send a message that seems to come from the bank of the receiver asking for some private information, or inviting them to go to a dedicated website. [Phishing]
- One could send a spoofed message to your device and use it as a false evidence.
- Anything you can imagine that could be utilized to manipulate people, letting them trust somebody or some organization texted them.
As Apple is using the reply-to address of a message’s User Data Header (UDH) to identify the origin rather than the raw source, so iPhone users can be circumvented if they don’t check this part of the message. Though it has been mentioned that iPhone will bring a proof of concept messaging tool soon, but Pod2G is pushing for an official solution before the next iOS version launches.
So for your precaution, we advice you not to believe any SMS that you receive on your iPhone from now on at first sight. The right way of replying a message would be message recipient should see both the original and reply-to addresses. By doing so, the replier will know which number has sent the message, and which number will receive the message once he/she replies. If you want to know more about it, you can read the detailed explanation of iOS text spoofing issue at Pod2G’s iOS blog.