iPhone Security Issue Opens Door to SMS Spoofing

ios messages iconJailbreak hacker and security researcher pod2g today revealed a newly-discovered security issue in all versions of iOS that could allow malicious parties to spoof SMS messages, making a recipient think that a message came from a trusted sender when it in fact came from the malicious party.

The issue is related to iOS's handling of User Data Header (UDH) information, an optional section of a text payload that allows users to specify certain information such as changing the reply-to number on a message to something other than the sending number. The iPhone's handling of this optional information could leave recipients open to targeted SMS spoofing attacks.

In the text payload, a section called UDH (User Data Header) is optional but defines lot of advanced features not all mobiles are compatible with. One of these options enables the user to change the reply address of the text. If the destination mobile is compatible with it, and if the receiver tries to answer to the text, he will not respond to the original number, but to the specified one.

Most carriers don't check this part of the message, which means one can write whatever he wants in this section : a special number like 911, or the number of somebody else.

In a good implementation of this feature, the receiver would see the original phone number and the reply-to one. On iPhone, when you see the message, it seems to come from the reply-to number, and you [lose] track of the origin.

pod2g highlights several ways in which malicious parties could take advantage of this flaw, including phishing attempts linking users to sites collecting personal information or spoofing messages for the purposes of creating false evidence or gaining a recipient's trust to enable further nefarious action.

In many cases the malicious party would need to know the name and number of a trusted contact of the recipient in order for their efforts to be effective, but the phishing example shows how malicious parties could cast broad nets hoping to snare users by pretending to be a common bank or other institution. But with the issue resulting in recipients being shown the reply-to address, an attack could be discovered or thwarted simply by replying to the message, as the return message would go to the familiar contact rather than the malicious one.

Related Forum: iPhone

Popular Stories

Generic iOS 18

Apple Releases iOS 18.0.1 With Touch Screen Bug Fix and More

Thursday October 3, 2024 2:22 pm PDT by
Apple today released iOS 18.0.1 and iPadOS 18.0.1, the first updates to the iOS 18 and iPadOS 18 operating systems that debuted earlier in September. iOS 18.0.1 and iPadOS 18.0.1 come two weeks after the launch of iOS 18. The new software can be downloaded on eligible iPhones and iPads over-the-air by going to Settings > General > Software Update. According to Apple's release notes, the...
macOS Sequoia Night Feature

Apple Releases macOS Sequoia 15.0.1 With Bug Fixes

Thursday October 3, 2024 2:27 pm PDT by
Apple today released macOS Sequoia 15.0.1, the first update for the macOS Sequoia operating system. The 15.0.1 update comes a week after Apple first released macOS Sequoia 15. Mac users can download the ‌macOS Sequoia‌ update by using the Software Update section of System Settings. According to Apple's release notes, macOS Sequoia 15.0.1 fixes a bug that could cause the Messages app...
maxresdefault

Two Weeks With the iPhone 16 Pro Max

Friday October 4, 2024 12:04 pm PDT by
Now that it's been two weeks since the iPhone 16 models were released, we've been able to spend enough time with the new devices to share a more in-depth review on their performance, battery life, feature set, and more. Subscribe to the MacRumors YouTube channel for more videos. We've been testing the iPhone 16 Pro and Pro Max, but the gap between the Pro models and the standard iPhone 16...
Prime Big Deal Days Hero 3

The Best Early Prime Day Deals on AirPods, Apple Watch, and More

Friday October 4, 2024 10:43 am PDT by
Amazon is hosting another Prime Day event this year, called Amazon Prime Big Deal Days and offering shoppers the first chance to save on holiday shopping from a major retailer. Similar to the first Prime Day, it will last for two days (October 8-9) and you can already find a large selection of early deals across Amazon's storefront, covering savings on tech, clothing, video games, groceries, and...
top stories 5oct2024

Top Stories: iOS 18.1 Coming Soon, October Apple Event Rumors, and More

Saturday October 5, 2024 6:00 am PDT by
It's hard to believe we're already into October with the iPhone 16 launch behind us, but there's lots more still to come from Apple this year on both the hardware and software fronts. We're still expecting a number of Mac and perhaps some iPad updates in the very near future, while Apple Intelligence features are set to begin rolling out with iOS 18.1 and related operating system updates....
15 New Things Your iPhone Can Do in iOS 18

15 New Things Your iPhone Can Do in iOS 18.1

Friday September 27, 2024 6:14 am PDT by
Apple is set to release iOS 18.1 in October, bringing the first set of Apple Intelligence features to iPhone 15 Pro and iPhone 16 models. This update marks a significant step forward in Apple's AI integration, offering a new Siri contextually-aware experience and a range of additional capabilities powered by on-device machine learning and large language models. There are a couple of handy new...
ipad mini 2021 youtube

New Report Reveals When to Expect the iPad Mini 7

Tuesday October 1, 2024 2:09 pm PDT by
Apple is working on a new iPad mini that will "potentially" be released "by the end of 2024," according to a report today from Bloomberg's Mark Gurman. Last month, Gurman reported that Apple had "new iPads in the works," including an upgraded version of the iPad mini. At the time, he said the device was "on deck for Apple's October event" alongside the first M4 Macs. The wording in his...
M4 Real Feature Red

Gurman: Apple to Launch New M4 Macs and iPad Mini 7 on November 1

Sunday October 6, 2024 6:40 am PDT by
Apple will announce several new M4 Mac models around the end of October, with the company planning to launch at least some of them as soon as Friday, November 1, according to Bloomberg's Mark Gurman. Writing in his latest Power On newsletter, Gurman said that Apple will launch a new M4 version of its low-end 14-inch MacBook Pro, as well as higher-end 14-inch and 16-inch MacBook Pro models...

Top Rated Comments

JAT Avatar
158 months ago
I think we could use a slight rewrite of the article. It didn't say "malicious party" nearly often enough for me.
Score: 9 Votes (Like | Disagree)
gotluck Avatar
158 months ago


Nope. :apple:

But i'm not surprised it didn't come from someone legit.

Pod2g is quite legit in my book.
Score: 6 Votes (Like | Disagree)
miniConvert Avatar
158 months ago
This makes no sense. You don't need to use UDH tricks to 'spoof' the sender ID on a text message, you just set whatever sender ID you want to use. Any text message can contain up to 16 digits or 11 alphanumeric characters of sender ID, and there's absolutely nothing that ensures this data is somehow verified or official.

Just as with an email you can, technically, originate it from wherever the hell you like, so can you with a text message.

This 'discovery' is not a discovery at all. In fact, it doesn't seem to be a problem at all. It would only be a problem if the sender ID displayed on the iPhone could be one thing, but the destination of the reply text messages could actually be something else that the user had no knowledge of. Correct me if I'm wrong, but in this instance the user is fully aware of the number they're texting. So no problem.

And yes, I know SMS.
Score: 6 Votes (Like | Disagree)
Uncle Ruckus Avatar
158 months ago
Apple get you act together.

Uncle Ruckus no relations.
Score: 6 Votes (Like | Disagree)
miniConvert Avatar
158 months ago
Agree with this. You are correct, this is not possible. When a reply-to address is specified iOS displays that and ignores the sender.
Yeah, I'm pretty sure this story is without merit and should be taken down. Simply a misunderstanding/lack of understanding about how SMS works.
Score: 5 Votes (Like | Disagree)
theBB Avatar
158 months ago
It is easy to spoof caller ID and fool every phone on earth. How is this any more dangerous?
Score: 5 Votes (Like | Disagree)