An iOS security researcher, publicly known as pod2g, wrote on his blog about a vulnerability he discovered in all versions of iOS through to the latest beta release of iOS 6. The hacker revealed that this major iPhone security flaw has existed in Apple’s iPhone since it was first released in 2007.
According to pod2g, the reply-to number that is displayed when an iPhone users looks at an SMS can be easily manipulated to display a number different than the one actually sending the message. This vulnerability can be used by malicious attackers to send messages that seem to be from someone that is well-known and trusted, like a bank, but any replies to the message would be routed to a different phone without the sender knowing.
Pod2g explains why this flaw is such a big issue:
Pirates could send a message that seems to come from the bank of the receiver asking for some private information, or inviting them to go to a dedicated website[…] one could send a spooked message to your device and use it as a false evidence[…] anything you can imagine that could be utilized to manipulate people, letting them trust somebody or some organization texted them.
Pod2g considers this a severe security flaw and cautions iOS device users to be wary of SMS messages that ask for personal information.
Source: pod2g’s iOS blog via BGR and Gizmodo
Image Credit: flickr