Security researcher and iOS hacker pod2g has found and detailed a flaw in iOS that is considered “severe”, though it does not involve code execution.
According to pod2g “The flaw exists since the beginning of the implementation of SMS in the iPhone, and is still there in iOS 6 beta 4.”
The flaw is found in the SMS messaging on iOS devices. The SMS text is a few bytes of data exchanged between two mobile phones, with the carrier transporting the information. The text is converted to PDU (Protocol Description Unit) by the mobile device and sent through then passed to the baseband for delivery.
PDU handles the sending and receiving of various types of messages in mobile devices. Included in the message header there are various pieces of information about the message, including the details of the message sender. This feature is commonly used for automated messages from companies and carriers. And since carriers don’t check for the validity of this information when used by third-parties it can be exploited.
Because iOS does not allow you to view the number that you’re replying to this enables a malicious sender to fake his identity, making you think that a trusted number is sending the SMS. Because the “reply-to” number is different to the number displayed, iOS would send your message to a hidden number without you realizing.
According to pod2g, he believes the following is why this flaw is an issue:
- • Pirates could send a message that seems to come from the bank of the receiver asking for some private information, or inviting them to go to a dedicated website. [Phishing]
• One could send a spoofed message to your device and use it as a false evidence.
Source: pod2g’s iOS Blog