iPhone SMS spoofing tool surfaces

 

A French hacker is playing “tell and show” with a security flaw in iOS and how the iPhone handles SMS.

Last week, “Pod2g” released details of the vulnerability, which is still present in the latest beta of iOS 6, that could make iPhones a bit more exposed to spoofed texts or phishing scams. The missive included a plea to Apple to fix the security hole before the final release of iOS 6.

Until that happens, however, the same hacker is apparently quite happy to help others exploit the fact that iOS shows the “reply-to” number of a text by default. Shortly after blogging about the vulnerability and appealing to Apple, Pod2g released a tool called “sendrawpdu” that it says provides access to an SMS header and can be used for spoofing the reply-to field — although it doesn’t explicitly encourage such a use.

At least Pod2g was kind enough to warn us before adding another tool for digital deception to the world. Seems sporting, like a 30-second head start to evade a flood of spoofed texts appearing to be from Citibank, or maybe the White House, or almost certainly — Apple.

Fake sandwich orders could be just the beginning…

I’ve reached out to Apple multiple times for comment on the SMS security issue and not heard back. I will continue to do so and update this post when I hear anything. An Apple representative did tell Engadget that spoofed messages are one of the “limitations of SMS,” and encouraged users to exercise caution when an unknown Web address pops up in a text.

 

 
