Major iPhone Security Flaw Permits Numerous Forms Of Malicious Attacks

Earlier today, pod2g (the iOS security researcher behind the 5.1.1 Untethered Jailbreak exploit) published his findings on a very troublesome iOS security issue. The newly discovered vulnerability could potentially allow attackers to “spoof SMS messages”, meaning an individual can send a message that appears as if it’s from an authentic source.

The root of this issue resides in the way iOS handles User Data Header (UDH) information, which includes a multitude of advanced features and options – some of which are exclusive to iOS. Unfortunately, one of these options permits changing the number a user’s reply is sent to, so that it differs from the original sending number.

In the text payload, a section called UDH (User Data Header) is optional but defines a lot of advanced features not all mobiles are compatible with. One of these options enables the user to change the reply address of the text. If the destination mobile is compatible with it, and if the receiver tries to answer the text, he will not respond to the original number, but to the specified one.

Most carriers don’t check this part of the message, which means one can write whatever he wants in this section: a special number like 911, or the number of somebody else.

This severe flaw could leave iPhone owners vulnerable to SMS spoofing and various other attacks, including phishing attempts that drive users to harmful sites that collect personal information, the sending of a spoofed message to provide falsified evidence, or obtaining information by first gaining the user’s trust under a pseudo-identity.

In most instances, the attacker would require the name and number of an individual associated with the recipient to execute an effective data mining scheme. However, it’s possible to display virtually any number, leaving the possibility of posing as an authoritative figure or corporation (e.g. a bank) wide open for exploitation.

In his report, pod2g asks that Apple address this issue as quickly as possible, and with all of the various applications for this security flaw, how could they refuse? Stay tuned for additional coverage on the situation and other iOS vulnerabilities.

About the Author:

Apoorv is the founder of Zamkato™. He started out with a vision to make a newer, better BlackBerry community website which quickly evolved into a full mobile experience. His life as a “Blogist” started out with a blog, only about BlackBerry themes, which then evolved into BlackBerry news, rumors, etc. Zamkato™ is writing in areas from Windows Mobile all the way to iOS and Apple. Most of the time you can find Apoorv working on his next few blog posts or looking for ways to make Zamkato™ a better experience for everyone. His main objective has always been to provide everyone with up-to-date information about all the new electronics, cars, tutorials, etc. in town.

Apoorv Kumar – who has written posts on Zamkato.
