A rather serious security flaw in the iPhone’s SMS messaging system has been discovered and revealed by well-known security researcher and jailbreak extraordinaire ‘pod2g’.
The researcher claims that the flaw has been present in Apple’s iPhone software ever since the first iPhone was launched in 2007, but has not been picked up by anybody, including, it seems, Apple.
Pod2g reports that the flaw is linked to the way the iPhone displays the telephone number at the top of a received text message. This number can apparently be manipulated to display any number with relative ease, by anybody with the relevant knowledge. In reality this means that text messages can be sent from one number, but will appear on the user’s iPhone as a trusted number, for example a well-known company or a bank. It doesn’t take a genius to realise this flaw could lead to many iPhone users being duped.
Users would be under the impression they were replying to the sender displayed on the screen of their iPhone, when in fact the text would be routed through to a different number without their knowledge.
In his report, pod2g notes that the iPhone isn’t the only phone that is vulnerable to such a problem:
“In the text payload, a section called UDH (User Data Header) is optional but defines a lot of advanced features not all mobiles are compatible with. One of these options enables the user to change the reply address of the text. If the destination mobile is compatible with it, and if the receiver tries to answer to the text, he will not respond to the original number, but to the specified one.”
The flaw is still present in the fourth beta version of iOS 6, the software Apple plans to launch alongside its 6th generation iPhone this autumn. It’s hoped that by raising awareness now, the loophole can be closed in time for the final release. For now, iPhone users should be wary of sending sensitive information via text message.
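To make the UDH reply-address mechanism in pod2g's quote concrete, here is an added Python example (not from pod2g's report or this article) that parses a received SMS-DELIVER TPDU and reports when the header carries a reply address different from the sender. It assumes the TPDU has no SMSC prefix, numeric addresses only, and the Reply Address element identifier 0x22 from 3GPP TS 23.040; the function names and the sample messages with fictional numbers are constructed for illustration.

```python
# Added example: inspect a received SMS-DELIVER TPDU for a UDH Reply Address element.
REPLY_ADDRESS_IEI = 0x22  # "Reply Address Element" in 3GPP TS 23.040

def decode_address(buf, pos):
    """Decode an address field: digit count, type-of-address, nibble-swapped BCD digits."""
    if pos + 2 > len(buf):
        raise ValueError("truncated address")
    ndigits, toa = buf[pos], buf[pos + 1]
    nbytes = (ndigits + 1) // 2
    raw = buf[pos + 2:pos + 2 + nbytes]
    if len(raw) != nbytes:
        raise ValueError("truncated address")
    digits = "".join(f"{b & 0x0F:x}{b >> 4:x}" for b in raw)[:ndigits]
    prefix = "+" if (toa & 0x70) == 0x10 else ""  # international number
    return prefix + digits, pos + 2 + nbytes

def inspect_deliver(tpdu_hex):
    """Return the sender, any UDH reply address, and whether the two differ."""
    buf = bytes.fromhex(tpdu_hex)
    if not buf or (buf[0] & 0x03) != 0x00:
        raise ValueError("not an SMS-DELIVER TPDU")
    sender, pos = decode_address(buf, 1)
    pos += 2 + 7  # skip TP-PID, TP-DCS and the 7-octet TP-SCTS timestamp
    if pos >= len(buf):
        raise ValueError("truncated TPDU")
    ud = buf[pos + 1:]  # user data follows the TP-UDL octet
    reply_to = None
    if (buf[0] & 0x40) and ud:  # TP-UDHI set: user data starts with a header
        udh = ud[1:1 + ud[0]]
        if len(udh) != ud[0]:
            raise ValueError("truncated UDH")
        i = 0
        while i + 2 <= len(udh):  # walk the information elements
            iei, iedl = udh[i], udh[i + 1]
            ied = udh[i + 2:i + 2 + iedl]
            if len(ied) != iedl:
                raise ValueError("truncated information element")
            if iei == REPLY_ADDRESS_IEI:
                reply_to, _ = decode_address(ied, 0)
            i += 2 + iedl
    return {"sender": sender, "reply_to": reply_to,
            "mismatch": reply_to is not None and reply_to != sender}

# Constructed samples (fictional numbers, 8-bit data coding, no SMSC prefix).
_COMMON = "089151551000" + "0004" + "21807121000000"  # TP-OA +15550100, PID, DCS, SCTS
PLAIN = "04" + _COMMON + "02" + "6869"
WITH_REPLY = "44" + _COMMON + "0B" + "08" + "2206" + "089151551099" + "6869"

if __name__ == "__main__":
    for name, pdu in (("plain", PLAIN), ("with reply address", WITH_REPLY)):
        print(name, inspect_deliver(pdu))
```

A client or gateway that surfaces both `sender` and `reply_to` whenever `mismatch` is true lets the recipient see where a reply will actually go.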