Major iPhone Security Flaw Permits Numerous Forms Of Malicious Attacks

Earlier today, pod2g (famed iOS security expert behind the 5.1.1 Untethered Jailbreak exploit) published his findings of a very troublesome iOS security issue. The newly-discovered vulnerability could potentially allow attackers to “spoof SMS messages”, meaning an individual can send a message that appears as if it’s from an authentic source.

The root of this issue resides in the way iOS handles User Data Header (UDH) information, which includes a multitude of advanced features and options – some of which are exclusive to iOS. Unfortunately, one of these options permits changing the number a user’s reply is sent to from the original sending number.

In the text payload, a section called UDH (User Data Header) is optional but defines a lot of advanced features not all mobiles are compatible with. One of these options enables the user to change the reply address of the text. If the destination mobile is compatible with it, and if the receiver tries to answer to the text, he will not respond to the original number, but to the specified one.

Most carriers don’t check this part of the message, which means one can write whatever he wants in this section: a special number like 911, or the number of somebody else.
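The check a carrier filter or receiving client could apply to this header is sketched below as an added example; it is not code from pod2g's report or from this article. It walks the UDH of an incoming message and reports a reply address that differs from the sender. The IEI value 0x22 and the address encoding follow 3GPP TS 23.040; the function names and sample bytes are constructed for illustration, and the caller is assumed to have already extracted the user data of a message whose header-present flag is set.

```python
REPLY_ADDRESS_IEI = 0x22  # "Reply Address Element" IEI in 3GPP TS 23.040

def decode_address(field: bytes) -> str:
    """Decode an address field: digit count, type-of-address, swapped BCD."""
    if len(field) < 2 or len(field) - 2 < (field[0] + 1) // 2:
        raise ValueError("address field truncated")
    ndigits, toa = field[0], field[1]
    # Each octet holds two digits, low nibble first; 0xF pads an odd count.
    digits = "".join(f"{b & 0x0F:X}{b >> 4:X}" for b in field[2:])[:ndigits]
    # Type-of-number 001 = international; alphanumeric senders are not handled.
    return ("+" if (toa >> 4) & 0x07 == 1 else "") + digits

def parse_udh(ud: bytes) -> list:
    """Return [(iei, data), ...] from user data that starts with the UDHL octet."""
    if not ud or ud[0] > len(ud) - 1:
        raise ValueError("UDHL exceeds available data")
    end, pos, elements = 1 + ud[0], 1, []
    while pos < end:
        if pos + 2 > end or pos + 2 + ud[pos + 1] > end:
            raise ValueError("information element overruns header")
        length = ud[pos + 1]
        elements.append((ud[pos], ud[pos + 2 : pos + 2 + length]))
        pos += 2 + length
    return elements

def reply_address_mismatch(sender: str, ud: bytes):
    """Return the UDH reply address if it differs from the sender, else None."""
    for iei, data in parse_udh(ud):
        if iei == REPLY_ADDRESS_IEI:
            reply_to = decode_address(data)
            if reply_to != sender:
                return reply_to
    return None

# Constructed sample headers (hypothetical numbers), not captured traffic.
CONCAT_ONLY = bytes.fromhex("0500035a0101")                 # no reply address
SAME_REPLY = bytes.fromhex("082206089151551000")            # reply == sender
OTHER_REPLY = bytes.fromhex("0d00035a01012206089151551099")  # reply != sender

if __name__ == "__main__":
    for name, ud in [("concat", CONCAT_ONLY), ("same", SAME_REPLY),
                     ("other", OTHER_REPLY)]:
        print(name, reply_address_mismatch("+15550100", ud))
```

A mismatch is the condition the article describes: the number shown to the recipient and the number a reply goes to are no longer the same, so a client can show both or a filter can flag the message.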

This severe flaw could leave iPhone owners vulnerable to SMS spoofing and various other attacks. These include phishing attempts that drive users to harmful sites that collect personal information, spoofed messages sent to provide falsified evidence, and attempts to obtain information by first gaining the user’s trust under a pseudo-identity.

In most instances, the attacker would require the name and number of an individual associated with the recipient to execute an effective data mining scheme. However, it’s possible to display virtually any number, leaving the possibility of posing as an authoritative figure or corporation (e.g. a bank) wide open for exploitation.

In his report, pod2g asks that Apple address this issue as quickly as possible, and with all of the various applications for this security flaw, how could they refuse? Stay tuned for additional coverage on the situation and other iOS vulnerabilities.

About the Author:

Apoorv is the founder of Zamkato. His vision for Zamkato started with just BlackBerry news and reviews, which have expanded to all areas of the mobile technology spectrum, and car news too. Apoorv has a passion for technology throughout his blood; he lives for this. Apoorv is rocking an Apple device and a BlackBerry.


Author: Apoorv Kumar
