Submitted by Bob Bhatnagar on
Ever worry that someone is trying to spoof the origin of text messages on your iPhone? Well, according to developer pod2g, you should. Although the security flaw he cites is not capable of executing malicious code, it can be exploited to fake the origin of an SMS to an unsuspecting iPhone user.
Pod2g is hoping Apple fixes the problem before the final release of iOS 6. If iOS dealt with incoming text message information properly, the message would display the reply-to (spoofed) phone number as well as the actual originating phone number. As currently configured, iOS only shows the reply-to number.
Now that so many online services and institutions use text messaging on a regular basis to communicate with customers, the security hole could be a problem. Apple has been getting positive feedback for improving other aspects of iOS security over the past few releases. Developers like pod2g are certainly keeping the company on its toes. He writes:
Why is it an issue?
- Pirates could send a message that seems to come from the bank of the receiver asking for some private information, or inviting them to go to a dedicated website. [Phishing]
- One could send a spoofed message to your device and use it as false evidence.
- Anything you can imagine that could be utilized to manipulate people, letting them trust somebody or some organization texted them.
Now you are alerted. Never trust any SMS you received on your iPhone at first sight.