Apple has continuously worked towards the security measures in iOS. Their effort can’t be underestimated. With that said, the jailbreakers have been similarly active and haven’t missed out on any chance to discover vulnerabilities in the iOS firmware.

SMS Spoofing

The exploits used in all the past jailbreaks shows the talent of the jailbreak hackers. Read on for more information!

Pod2g recently discovered the new SMS flaw, and today he adds another exploit to the list. It is related to the way the iPhone handles the SMS, and can become the gateway for text message spoofing.

Pod2g – SMS Spoofing

Here is an extract from Pod2g’s blog post:

“A SMS text is basically a few bytes of data exchanged between two mobile phones,  with the carrier transporting the information. When the user writes a message, it’s converted to PDU (Protocol Description Unit) by the mobile and passed to the baseband for delivery…

…In the text payload, a section called UDH (User Data Header) is optional but defines a lot of advanced features not all mobiles are compatible with. One of these options enables the user to change the reply address of the text. If the destination mobile is compatible with it, and if the receiver tries to answer the text, he will not respond to the original number, but to the specified one.”

Smashed iPhone 4S

He further added the recipient of a text would see the original number and the reply-to one in a safe implementation of the feature. However, only the reply-to number appears on the iPhone. As it means, this can lead to several different kinds of problems. Many services use text messages to verify accounts and the account info, and then there is personal information there as well.

The expert says the flaw still exists in iOS 6 beta 4, and was discovered back in the original iPhone. He has pleaded the fruit company to fix the problem before the public release of iOS 6. And there is a good reason they should. Pod2g also informed in the post about working on a utility that can recreate the problem, and without requiring any hacking. He also plans to release it soon. Feel free to comment!