iPhone Security Issue Opens Door to SMS Spoofing

by

ios messages iconJailbreak hacker and security researcher pod2g today revealed a newly-discovered security issue in all versions of iOS that could allow malicious parties to spoof SMS messages, making a recipient think that a message came from a trusted sender when it in fact came from the malicious party.

The issue is related to iOS's handling of User Data Header (UDH) information, an optional section of a text payload that allows users to specify certain information such as changing the reply-to number on a message to something other than the sending number. The iPhone's handling of this optional information could leave recipients open to targeted SMS spoofing attacks.

In the text payload, a section called UDH (User Data Header) is optional but defines lot of advanced features not all mobiles are compatible with. One of these options enables the user to change the reply address of the text. If the destination mobile is compatible with it, and if the receiver tries to answer to the text, he will not respond to the original number, but to the specified one.

Most carriers don't check this part of the message, which means one can write whatever he wants in this section : a special number like 911, or the number of somebody else.

In a good implementation of this feature, the receiver would see the original phone number and the reply-to one. On iPhone, when you see the message, it seems to come from the reply-to number, and you [lose] track of the origin.

pod2g highlights several ways in which malicious parties could take advantage of this flaw, including phishing attempts linking users to sites collecting personal information or spoofing messages for the purposes of creating false evidence or gaining a recipient's trust to enable further nefarious action.

In many cases the malicious party would need to know the name and number of a trusted contact of the recipient in order for their efforts to be effective, but the phishing example shows how malicious parties could cast broad nets hoping to snare users by pretending to be a common bank or other institution. But with the issue resulting in recipients being shown the reply-to address, an attack could be discovered or thwarted simply by replying to the message, as the return message would go to the familiar contact rather than the malicious one.

Related Forum: iPhone

Popular Stories

iPhone 17 Pro Iridescent Feature 2

iPhone 17 Pro Clear Case Leak Reveals Three Key Changes

Sunday August 31, 2025 1:26 pm PDT by
Apple is expected to unveil the iPhone 17 series on Tuesday, September 9, and last-minute rumors about the devices continue to surface. The latest info comes from a leaker known as Majin Bu, who has shared alleged images of Apple's Clear Case for the iPhone 17 Pro and Pro Max, or at least replicas. Image Credit: @MajinBuOfficial The images show three alleged changes compared to Apple's iP...
Read Full Article80 comments
iPhone 17 Pro Dark Blue and Orange

iPhone 17 Release Date, Pre-Orders, and What to Expect

Thursday August 28, 2025 4:08 am PDT by
An iPhone 17 announcement is a dead cert for September 2025 – Apple has already sent out invites for an "Awe dropping" event on Tuesday, September 9 at the Apple Park campus in Cupertino, California. The timing follows Apple's trend of introducing new iPhone models annually in the fall. At the event, Apple is expected to unveil its new-generation iPhone 17, an all-new ultra-thin iPhone 17...
Read Full Article62 comments
iphone 16 pro ghost hand

iPhone 17 Pro: 5 Reasons Not to Upgrade This Year

Monday September 1, 2025 4:35 am PDT by
Apple will launch its new iPhone 17 series this month, and the iPhone 17 Pro models are expected to get a new design for the rear casing and the camera area. But more significant changes to the lineup are not expected until next year, when the iPhone 18 models arrive. If you're thinking of trading in your iPhone for this year's latest, consider the following features rumored to be coming to...
Read Full Article114 comments
xiaomi apple ad india

Apple and Samsung Push Back Against Xiaomi's Bold India Ads

Friday August 29, 2025 4:54 am PDT by
Apple and Samsung have reportedly issued cease-and-desist notices to Xiaomi in India for an ad campaign that directly compares the rivals' devices to Xiaomi's products. The two companies have threatened the Chinese vendor with legal action, calling the ads "disparaging." Ads have appeared in local print media and on social media that take pot shots at the competitors' premium offerings. One...
Read Full Article211 comments
iOS 18 on iPhone Arrow Down

Apple Preparing iOS 18.7 for iPhones as iOS 26 Release Date Nears

Sunday August 31, 2025 4:35 pm PDT by
Apple is preparing to release iOS 18.7 for compatible iPhone models, according to evidence of the update in the MacRumors visitor logs. We expect iOS 18.7 to be released in September, alongside iOS 26. The update will likely include fixes for security vulnerabilities, but little else. iOS 18.7 will be one of the final updates ever released for the iPhone XS, iPhone XS Max, and iPhone XR,...
Read Full Article47 comments
iPhone eSIM Feature

Apple Hints at iPhone 17 Models Lacking SIM Card Slot in More Countries

Sunday August 31, 2025 8:52 am PDT by
Another hint has surfaced that Apple is preparing to eliminate the physical SIM card tray from iPhones in more countries this year. In particular, a source familiar with the matter has informed MacRumors that retail employees at Apple Authorized Resellers in the EU are required to complete a training course related to iPhones with eSIM support by Friday, September 5. There are 27 countries...
Read Full Article125 comments

Top Rated Comments

JAT Avatar
JAT
170 months ago
I think we could use a slight rewrite of the article. It didn't say "malicious party" nearly often enough for me.
Score: 9 Votes (Like | Disagree)
gotluck Avatar
gotluck
170 months ago


Nope. :apple:

But i'm not surprised it didn't come from someone legit.

Pod2g is quite legit in my book.
Score: 6 Votes (Like | Disagree)
miniConvert Avatar
miniConvert
170 months ago
This makes no sense. You don't need to use UDH tricks to 'spoof' the sender ID on a text message, you just set whatever sender ID you want to use. Any text message can contain up to 16 digits or 11 alphanumeric characters of sender ID, and there's absolutely nothing that ensures this data is somehow verified or official.

Just as with an email you can, technically, originate it from wherever the hell you like, so can you with a text message.

This 'discovery' is not a discovery at all. In fact, it doesn't seem to be a problem at all. It would only be a problem if the sender ID displayed on the iPhone could be one thing, but the destination of the reply text messages could actually be something else that the user had no knowledge of. Correct me if I'm wrong, but in this instance the user is fully aware of the number they're texting. So no problem.

And yes, I know SMS.
Score: 6 Votes (Like | Disagree)
Uncle Ruckus Avatar
Uncle Ruckus
170 months ago
Apple get you act together.

Uncle Ruckus no relations.
Score: 6 Votes (Like | Disagree)
miniConvert Avatar
miniConvert
170 months ago
Agree with this. You are correct, this is not possible. When a reply-to address is specified iOS displays that and ignores the sender.
Yeah, I'm pretty sure this story is without merit and should be taken down. Simply a misunderstanding/lack of understanding about how SMS works.
Score: 5 Votes (Like | Disagree)
theBB Avatar
theBB
170 months ago
It is easy to spoof caller ID and fool every phone on earth. How is this any more dangerous?
Score: 5 Votes (Like | Disagree)
Read All Comments