Pod2g Discovers Major iOS Security Flaw



iOS hacker Pod2g has discovered a major security flaw in iOS. The hole allows a sender to fake an SMS reply number. This means that someone with malicious intent can pretend to be a trusted source, such as a bank, and ask for sensitive information.

This is pretty dangerous as you can imagine folks stealing account numbers or other sensitive information from unsuspecting users. Because the number seems legit, it’s likely easy to fall for the trick.

It’s worth noting that the iPhone isn’t the only handset that’s vulnerable, but due to its popularity, there is focus on Apple’s handset.

Here’s an explanation:

“In the text payload, a section called UDH (User Data Header) is optional but defines a lot of advanced features not all mobiles are compatible with. One of these options enables the user to change the reply address of the text. If the destination mobile is compatible with it, and if the receiver tries to answer to the text, he will not respond to the original number, but to the specified one.”

Good to know.
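As an added illustration (not code from Pod2g or from this post), a receiver-side check can parse an SMS-DELIVER TPDU and flag a UDH reply address that differs from the originating address. It assumes the 3GPP TS 23.040 layout, where the Reply Address element has identifier 0x22; the function names are hypothetical and the sample PDUs are constructed with fictional numbers.

```python
REPLY_ADDRESS_IEI = 0x22  # Reply Address Element identifier (3GPP TS 23.040)

def decode_address(buf, pos=0):
    """Decode a TS 23.040 address field; return (number, offset just past it)."""
    if len(buf) < pos + 2:
        raise ValueError("truncated address")
    digits, toa = buf[pos], buf[pos + 1]   # length in semi-octets, type-of-address
    nbytes = (digits + 1) // 2
    raw = buf[pos + 2:pos + 2 + nbytes]
    if len(raw) < nbytes:
        raise ValueError("truncated address")
    end = pos + 2 + nbytes
    if (toa & 0x70) == 0x50:               # alphanumeric sender: left undecoded here
        return "alnum:" + raw.hex(), end
    number = "".join(f"{b & 0xF:X}{b >> 4:X}" for b in raw)[:digits]  # swapped BCD
    return ("+" if (toa & 0x70) == 0x10 else "") + number, end

def inspect_deliver(pdu_hex):
    """Parse an SMS-DELIVER TPDU (no SMSC prefix); report any reply-address override."""
    buf = bytes.fromhex(pdu_hex)
    if not buf or (buf[0] & 0x03) != 0x00:
        raise ValueError("not an SMS-DELIVER TPDU")
    sender, pos = decode_address(buf, 1)
    pos += 2 + 7 + 1                       # skip TP-PID, TP-DCS, TP-SCTS, TP-UDL
    reply_to = None
    if buf[0] & 0x40:                      # TP-UDHI set: user data starts with a UDH
        if pos >= len(buf) or pos + 1 + buf[pos] > len(buf):
            raise ValueError("UDH overruns user data")
        end, i = pos + 1 + buf[pos], pos + 1   # UDHL counts the octets after itself
        while i + 2 <= end:
            iei, iedl = buf[i], buf[i + 1]
            if i + 2 + iedl > end:
                raise ValueError("information element overruns UDH")
            if iei == REPLY_ADDRESS_IEI:
                reply_to, _ = decode_address(buf[i + 2:i + 2 + iedl])
            i += 2 + iedl                  # other elements are skipped
    return {"sender": sender, "reply_to": reply_to,
            "redirected": reply_to is not None and reply_to != sender}

# Constructed samples as a receiving handset would see them; numbers are fictional.
SCTS = "21807121000000"                    # service-centre timestamp (constructed)
SENDER = "0B915155550501F0"                # +15555550100
WITH_REPLY_ADDR = "44" + SENDER + "0004" + SCTS + "0D0A2208" + "0B915155550591F9" + "4869"
PLAIN = "04" + SENDER + "0004" + SCTS + "02" + "4869"

if __name__ == "__main__":
    for name, pdu in (("with reply address", WITH_REPLY_ADDR), ("plain", PLAIN)):
        print(name, inspect_deliver(pdu))
```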

[via BGR]

About 8bitjay
