Apple’s new iOS 6 operating system launched yesterday as a free update for iPhone, iPod Touch and iPad. It adds over 200 new features – or so says Apple – along with various improvements and fixes here and there.
Well-known security researcher and jailbreaker ‘Pod2g’ reported a while back on a serious security flaw that he found in the messaging system of iOS 6 while testing it in beta form. After updating to the finished version of the software yesterday, he’s confirmed that the flaw has thankfully been patched by Apple.
Posting via his Twitter account yesterday, he wrote “Apple has fixed both SMS issues I found in iOS 6. Good job and thanks to them.”
The main flaw allowed the number that appears at the top of a received text message to be altered without the recipient’s knowledge, giving unsavoury types a way of tricking iPhone users into giving out sensitive details. Read more about the flaw and the threat it could have caused in our original article.
Original Article
A rather serious security flaw in the iPhone’s SMS messaging system has been discovered and revealed by well-known security researcher and jailbreak extraordinaire ‘pod2g’.
The researcher claims that the flaw has actually been present in Apple’s iPhone software ever since the first iPhone was launched in 2007, but has not been picked up on by anybody, including Apple it seems.
Pod2g reports that the flaw is linked to the way the iPhone displays the telephone number at the top of a received text message. This number can apparently be manipulated to display any number with relative ease, by anybody with the relevant knowledge. In reality this means that text messages can be sent from one number, but will appear on the user’s iPhone as a trusted number, for example a well-known company or a bank. It doesn’t take a genius to realise this flaw could lead to many iPhone users being duped.
Users would be under the impression they were replying to the sender displayed on the screen of their iPhone, when in fact the text would be routed through to a different number without their knowledge.
In his report, pod2g notes that the iPhone isn’t the only phone that is vulnerable to such a problem:
“In the text payload, a section called UDH (User Data Header) is optional but defines lot of advanced features not all mobiles are compatible with. One of these options enables the user to change the reply address of the text. If the destination mobile is compatible with it, and if the receiver tries to answer to the text, he will not respond to the original number, but to the specified one.”
The flaw is still present in the fourth beta version of iOS 6, the software Apple plans to launch alongside its 6th generation iPhone this autumn. It’s hoped that by raising awareness now, the loophole can be closed in time for the final release. For now, iPhone users should be wary of sending sensitive information via text message.
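As an added illustration (not code from pod2g’s report or from Apple), the following Python example parses a received SMS-DELIVER message and flags one whose UDH reply address differs from the sender number. The field layout and the reply-address element identifier 0x22 follow 3GPP TS 23.040; the function names and both sample messages are constructed for this example, and only numeric addresses are handled.

```python
REPLY_ADDRESS_IEI = 0x22  # "Reply Address Element" in 3GPP TS 23.040


def decode_address(buf, pos):
    """Decode a numeric TP-address at buf[pos]; return (number, next_pos)."""
    digits = buf[pos]                 # length is counted in digits (semi-octets)
    toa = buf[pos + 1]                # type-of-address octet
    nbytes = (digits + 1) // 2
    raw = buf[pos + 2:pos + 2 + nbytes]
    if len(raw) < nbytes:
        raise ValueError("truncated address")
    # BCD with swapped nibbles; an 0xF nibble pads an odd number of digits
    number = "".join(f"{b & 0x0F:x}{b >> 4:x}" for b in raw)[:digits]
    prefix = "+" if (toa & 0x70) == 0x10 else ""   # international number
    return prefix + number, pos + 2 + nbytes


def check_sms_deliver(tpdu):
    """Return (sender, reply_to, suspicious) for one SMS-DELIVER TPDU."""
    first = tpdu[0]
    if first & 0x03 != 0x00:
        raise ValueError("not an SMS-DELIVER TPDU")
    sender, pos = decode_address(tpdu, 1)
    pos += 2 + 7                      # skip TP-PID, TP-DCS and TP-SCTS
    user_data = tpdu[pos + 1:]        # tpdu[pos] is TP-UDL
    reply_to = None
    if first & 0x40 and user_data:    # TP-UDHI set: user data begins with a UDH
        header = user_data[1:1 + user_data[0]]
        i = 0
        while i + 2 <= len(header):   # walk the information elements
            iei, iedl = header[i], header[i + 1]
            data = header[i + 2:i + 2 + iedl]
            if iei == REPLY_ADDRESS_IEI and len(data) >= 2:
                reply_to, _ = decode_address(data, 0)
            i += 2 + iedl
    return sender, reply_to, reply_to is not None and reply_to != sender


# Constructed samples: same sender, one with a different reply address in the UDH.
SPOOFED = bytes.fromhex(
    "44" "0B912120550501F1" "00" "04" "21807121000000"
    "0D" "0A" "22" "08" "0B912120550591F9" "6869")
BENIGN = bytes.fromhex(
    "04" "0B912120550501F1" "00" "04" "21807121000000" "02" "6869")

if __name__ == "__main__":
    for name, pdu in (("spoofed", SPOOFED), ("benign", BENIGN)):
        print(name, check_sms_deliver(pdu))
```

A handset or gateway that surfaces both numbers when they differ, rather than showing only one, removes the ambiguity the article describes.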