Post: Pod2g Discovered SMS Security Flaw in iOS
Options
08-20-2012, 02:13 AM
#1
Alt
Banned
Pod2g – the well known iPhone hacker behind the hole used on Absinthe 0.4 used to jailbreak iOS 5.0.1 and Absinthe 2.0.4 to jailbreak iOS 5.1.1 – has discovered a sever flaw in the SMS system in iOS.
You must login or register to view this content.
[An SMS text is basically a few bytes of data exchanged between two mobile phones, with the carrier transporting the information. When the user writes a message, it’s converted to PDU (Protocol Description Unit) by the mobile and passed to the baseband for delivery…
…In the text payload, a section called UDH (User Data Header) is optional but defines a lot of advanced features not all mobiles are compatible with. One of these options enables the user to change the reply address of the text. If the destination mobile is compatible with it, and if the receiver tries to answer the text, he will not respond to the original number, but to the specified one.
Simply, you may receive an SMS from someone, and when you reply to this SMS, your SMS will be sent to the sender of the original message that you received along with another hidden number which might get a private information about you.
- pirates could send a message that seems to come from the bank of the receiver asking for some private information, or inviting them to go to a dedicated website. [Phishing]
- one could send a spoofed message to your device and use it as a false evidence.
- anything you can imagine that could be utilized to manipulate people, letting them trust somebody or some organization texted them.
This flaw exists since the first generation iPhone and still exists in iOS 6 beta 4. Hopefully, Apple will handle this problem before the public release of iOS 6 next month.
08-20-2012, 03:31 AM
#2
Coqui
Former Staff
Originally posted by Alt
Although all the statistics and surveys confirm that iOS is the most secured operating system compared with other smartphones’ operating systems, the hackers continue to discover flaws and vulnerabilities in iOS.
Pod2g – the well known iPhone hacker behind the hole used on Absinthe 0.4 used to jailbreak iOS 5.0.1 and Absinthe 2.0.4 to jailbreak iOS 5.1.1 – has discovered a sever flaw in the SMS system in iOS.
You must login or register to view this content.
[An SMS text is basically a few bytes of data exchanged between two mobile phones, with the carrier transporting the information. When the user writes a message, it’s converted to PDU (Protocol Description Unit) by the mobile and passed to the baseband for delivery…
…In the text payload, a section called UDH (User Data Header) is optional but defines a lot of advanced features not all mobiles are compatible with. One of these options enables the user to change the reply address of the text. If the destination mobile is compatible with it, and if the receiver tries to answer the text, he will not respond to the original number, but to the specified one.
Simply, you may receive an SMS from someone, and when you reply to this SMS, your SMS will be sent to the sender of the original message that you received along with another hidden number which might get a private information about you.
- pirates could send a message that seems to come from the bank of the receiver asking for some private information, or inviting them to go to a dedicated website. [Phishing]
- one could send a spoofed message to your device and use it as a false evidence.
- anything you can imagine that could be utilized to manipulate people, letting them trust somebody or some organization texted them.
This flaw exists since the first generation iPhone and still exists in iOS 6 beta 4. Hopefully, Apple will handle this problem before the public release of iOS 6 next month.
Pod2g – the well known iPhone hacker behind the hole used on Absinthe 0.4 used to jailbreak iOS 5.0.1 and Absinthe 2.0.4 to jailbreak iOS 5.1.1 – has discovered a sever flaw in the SMS system in iOS.
You must login or register to view this content.
[An SMS text is basically a few bytes of data exchanged between two mobile phones, with the carrier transporting the information. When the user writes a message, it’s converted to PDU (Protocol Description Unit) by the mobile and passed to the baseband for delivery…
…In the text payload, a section called UDH (User Data Header) is optional but defines a lot of advanced features not all mobiles are compatible with. One of these options enables the user to change the reply address of the text. If the destination mobile is compatible with it, and if the receiver tries to answer the text, he will not respond to the original number, but to the specified one.
Simply, you may receive an SMS from someone, and when you reply to this SMS, your SMS will be sent to the sender of the original message that you received along with another hidden number which might get a private information about you.
- pirates could send a message that seems to come from the bank of the receiver asking for some private information, or inviting them to go to a dedicated website. [Phishing]
- one could send a spoofed message to your device and use it as a false evidence.
- anything you can imagine that could be utilized to manipulate people, letting them trust somebody or some organization texted them.
This flaw exists since the first generation iPhone and still exists in iOS 6 beta 4. Hopefully, Apple will handle this problem before the public release of iOS 6 next month.
I think this "flaw" have something to do with SMS's that's why it have not been fixed, I'm saying this because this "flaw" do not exist on iMessage and iMesage was developed by Apple so why would that work on SMS but not on iMessage?
Do you get what I'm saying? :p
Copyright © 2024, NextGenUpdate.
All Rights Reserved.
