Serious security flaw found in iOS text messages

SMS issue persistent through all versions of iOS

TODO alt text

While there are a great deal of hackers out there who exist solely to cause trouble for hardware and software makers, as well as their customers, there are a few diamonds in the rough.

Case in point, the hacker "pod2g," who spends his time discovering security exploits not to make use of them, but to make consumers and companies alike aware of problems.

His latest discovery is quite astounding, especially when you consider Apple is about to make a big push with their latest operating system, iOS 6.

The flaw in question affects every single version of iOS, including the most recent beta version of iOS 6, and allows hackers to send spoofed text messages to other phones without any indication they are fraudulent.

Is that text really from your bank?

As "pod2g" points out, when text messages are sent out, they are converted in the phone's Protocol Description Unit (PDU).

By accessing this PDU data, hackers are potentially able to utilize the User Data Header to mask the reply number in the text.

Typically, you would be able to see both the original and altered numbers. However, that's just not the case on the iPhone.

Thus the origin of the SMS remains hidden, and hackers can dupe recipients into believing they are getting a text from a trusted source such as their bank.

Fortunately, this only applies to SMS messages, and not messages sent across Apple's iMessage service.

Apple has yet to address the issue, however "pod2g" plainly states if he was able to discover the flaw, so were some other less forthcoming individuals.

Via ZDNet and pod2g