A flaw in the iPhone software that handles text messages leaves open the possibility that a keen hacker could impersonate someone else, according to Pod2g, a French hacker who dabbles in Apple security.
That means you could theoretically receive a text message from a person you believe is a family member, and be persuaded to do any number of things, like wire money or reveal critical data like a social security or PIN number. PC Mag also points out an enterprising hacker could contact you via text from what appears to be your bank’s phone number, and direct you to a spoofed website, from where they could steal your data.
Pod2g explains the flaw exists in an optional set of code at the beginning of an SMS message. The code, known as the User Data Header (UDH), can include information specifying a different “reply” number than the number it was actually sent from.
Most cell phone carriers don’t keep track of that part of the SMS, which means it could be easy to manipulate. And since iPhones only display the “reply to” part of the message, Apple Insider points out iOS users have no way to double-check their response is headed to the person they thought sent the text in the first place.
In the blog, Pod2g requests Apple address this issue in the upcoming release of iOS 6, expected in mid September. The blog ends, “Now you are alerted. Never trust any SMS you received on your iPhone at first sight.” Eek!
- HTC Android Smartphone Security Flaw Exposes Sensitive User Data
- Teens Text 7 Times An Hour, Survey Shows
- Android Security Bug Opens Devices To Outside Control: CrowdStrike Researchers
- iCloud’s Find My iPhone Is Perfect For The Forgetful iPhone Owner, And Now It’s Free
- Scosche cellControl locks your device while driving, tattles on your text habit