subscribe: Posts | Comments

Major iPhone Security Flaw Permits Numerous Forms Of Malicious Attacks

33 comments

Posted by Apoorv Kumar on Aug 18, 2012 in Apple | 33 comments

0saves
Save
Email
Print

Earlier today, pod2g (famed iOS security expert behind the 5.1.1 Untethered Jailbreak exploit) published his findings of a very troublesome iOS security issue. The newly-discovered vulnerability could potentially allow attackers to “spoof SMS messages”, meaning an individual can send a message that appears as if it’s from an authentic source.

The root of this issue resides in the way iOS handles User Data Header (UDH) information, which includes a multitude of advanced features and options – some of which are exclusive to iOS. Unfortunately, one of these options permits changing the number a user’s reply is sent to from the original sending number.

In the text payload, a section called UDH (User Data Header) is optional but defines lot of advanced features not all mobiles are compatible with. One of these options enables the user to change the reply address of the text. If the destination mobile is compatible with it, and if the receiver tries to answer to the text, he will not respond to the original number, but to the specified one.

Most carriers don’t check this part of the message, which means one can write whatever he wants in this section : a special number like 911, or the number of somebody else.

Apple iOS 6 5.1.2 to fix SMS iPhone security flawThis severe exploit could leave iPhone owners vulnerable to SMS spoofing and other various attacks. Some of which include the following: sensitive data phishing attempts that drive users to harmful sites that collect personal information, the sending of a spoofed message to provide falsified evidence or obtaining information by first gaining the user’s trust under a pseudo-identiy.

In most instances, the attacker would require the name and number of an individual associated with the recipient to execute an effective data mining scheme. However, it’s possible to display virtually any number, leaving the possibility of posing as an authoritative figure or corporation (e.g. a bank) wide open for exploitation.

In his report, pod2g asks that Apple address this issue as quickly as possible and with all of the various applications for this security flaw, how could they refuse? Stay tuned for additional coverage on the situation and other iOS vulnerabilities.

About the Author:

Apoorv is the founder of Zamkato, his vision for Zamkato started with just Blackberry News and Reviews, which have expanded to all areas of the mobile technology spectrum and Car News too. Apoorv has passion for technology all through out his blood, he lives for this. Apoorv is rocking an Apple Device and a BlackBerry.

Apoorv Kumar – who has written posts on Zamkato.

Email

0saves
Save
If you enjoyed this post, please consider leaving a comment or subscribing to the RSS feed to have future articles delivered to your feed reader.
  • http://www.gscraper.com/ blackhat software

    I will immediately grasp your rss as I can’t find your email subscription hyperlink or newsletter service. Do you have any? Kindly permit me realize so that I may just subscribe. Thanks.

  • http://www.maxiss.waw.pl/24898/Wyroby-Betonowe/serwis.html wyroby z betonu

    Very interesting subject , regards for putting up. “Integrate what you believe into every single area of your life.” by Meryl Streep.

  • http://www.airmaxhall.com/mens-nike-air-max-tn-c-56.html man tn

    We are researching regarding my bachelors amount throughout personal computer research, so i could go on to buy a entrepreneurs amount. I’ve my A+ in addition to Network+ qualification, and i am intending on becoming Linux systems, Multi-level Safety measures, and then the qualification.. . May i obtain a work accomplishing personal computer ‘forensics’ utilizing this? If they are not, what precisely should I do to expand my odds of buying a personal computer ‘forensics’ work?. . Kudos. Only a bit of guidance: I actually extra selection rather than all sorts of things utilizing laptops, however We are excellent with all the non-programming facet at the same time..

  • http://louboutionshoes.ucoz.com/ christian louboutin new york

    I’ve been browsing online more than three hours today, yet I never found any interesting article like yours. It is pretty worth enough for me. Personally, if all webmasters and bloggers made good content as you did, the web will be a lot more useful than ever before.

  • http://www.ireplicarolexwatches.com/ fake rolex watches

    This post is priceless. When can I find out more?

  • http://www.wastungegenpickel.org/pickel-unter-der-haut/ Pickel Unter Der Haut

    You’re confident you know this blog, precise?

  • http://www.seostatz.com Where to get backlinks

    If you don`t know where to get backlinks for your site – try Seostatz.com !

  • http://pro-directselect.webnode.fr/ puma pas cher

    Thanks for your post. I also think laptop computers have gotten more and more popular lately, and now are usually the only form of computer utilised in a household. This is because at the same time that they are becoming more and more cost-effective, their processing power is growing to the point where they’re as highly effective as pc’s out of just a few years back.

  • http://montblancpensok.weebly.com Booze

    They can be trustworthy and so they surely get adjoined them in holiday with the storage room

  • http://www.portoligaeuropa.com cheap louis vuitton handbags

    Love it!! Complements properly with my LV clutch i465!! Won’t search low-priced, great quality fantastic price tag!! Undoubtedly propose others to buy!!

  • http://groups.diigo.com/group/kcmvctjubzruzhpbrgsv/content/new-articlep-in-topic-of-direct-payday-loan-lenders-6011860 Sylvester

    I think you would be copeable to write an ebook about this stuff

  • http://apuestasinternacionales.com/article.php?id=1108 Gucci Guilty Perfume Gift Set

    This method ideal for anyone.

  • http://www.marloxxx.de kindiukof

    Im extremely glad that I found this specific blog post. This is just the information I was initially hoping for.

  • http://www.go4sunglasses.com/ mywebsite

    its called network marketing gay guy.it seperates the people who stay working under someone and not making their own money living paycheck to paycheck from people who earn their money. im not even in world ventures n i can tell u that.

  • http://www.vinnag.de Lekipotencja

    No, he means the tags.

  • http://www.onlinetvsoftware.net best online tv software
  • http://amedar.pl Amedar

    Undeniably believe that which you stated. Your favorite justification seemed to be on the internet the simplest thing to be aware of. I say to you, I certainly get annoyed while people consider worries that they plainly do not know about. You managed to hit the nail upon the top and also defined out the whole thing without having side effect , people can take a signal. Will likely be back to get more. Thanks

  • http://www.freewebsite-service.com/mgkrause/forside.php france prada handbags

    You actually make it seem so easy with your presentation but I find this matter to be actually something that I think I would never understand. It seems too complicated and extremely broad for me. I’m looking forward for your next post, I will try to get the hang of it!

  • http://cajuncouponclippers.com/smfforum/index.php?action=profile;u=89359 kamagra sklep

    I do believe all of the concepts you’ve presented on your post. They’re really convincing and will certainly work. Nonetheless, the posts are too brief for starters. May you please prolong them a little from subsequent time? Thank you for the post.

  • http://www.kamagraoryginalna.pl/# tania kamagra

    The kamagra sklep American Political landscape has deteriorated over the past few years due to special interests. We need to stand up against that and take back our nation from Big Pharma, Big Tobbacco, Big Insurance and really just big corporations. It is time for our elections to cease being bought out.

  • http://www.sushitos.com Louis Vuitton Handbags Outlet

    This example is excellent. It came out really quick and a protective ornamental package. I am making use of it each day considering that my buy and possesses stayed in great condition. I might suggest buying it.

  • http://rozmova.biz/user/ghernapin/ tania kamagra

    We are a kamagra apteka bunch of volunteers and opening a new scheme in our community. Your site provided us with helpful information to work on. You’ve done an impressive activity and our whole community will likely be grateful to you.

  • http://www.dhmarkets/#rioewquri cheap nike nfl jerseys

    Nj-new jersey mandates that numerous cars experience a coverage assessment just before getting collision or perhaps comprehensive insurance. The actual principle is made in order to avoid insurance plan scams by recording already present loss in order to recently covered with insurance cars. The insurance policy assessment is in addition in order to reports necessary for the motorized vehicle department’s mandatory reports. In the event the assessment is complete, customers need to alert your insurer to begin getting the advantages of collision or perhaps comprehensive coverage.

  • http://androidmp3player.com android mp3 player

    That’s a good post.

  • http://bit.ly/LatestCoolAppleProductsVideo Hipolito M. Wiseman
  • http://cheapestbeatsbydre.webeden.net/ beats by dre cheap

    cheap beats by dre headphones sound great for those who love their music bass heavy [url=http://cheapestbeatsbydre.webeden.net/]cheap beats by dre[/url]

  • http://bit.ly/LatestCoolAppleProductsVideo Luigi Fulk

    Hi, great site, must come back to it later, but at the moment l am checking out the latest Apple iphone, Tablets and other cool Apple releases! Check out this great video! – http://bit.ly/LatestCoolAppleProductsVideo

  • http://www.vivistoresuk.com/vivienne-westwood-vivienne-westwood-purses-c-1_3.html Vivienne Westwood Purses

    hey there and thank you for your information � I have certainly picked up something new from right here. I did however expertise several technical points using this website, since I experienced to reload the site a lot of times previous to I could get it to load correctly. I had been wondering if your web hosting is OK? Not that I am complaining, but slow loading instances times will sometimes affect your placement in google and could damage your quality score if ads and marketing with Adwords. Well I�m adding this RSS to my e-mail and could look out for a lot more of your respective fascinating content. Make sure you update this again very soon..

  • http://www.timesaverisgreat.com Mary Motion

    Amazing stuff but you should maybe write fresh content more often? I like your style :)

  • http://pdxpeace.org/blog/jaydenduelun12/2012/sep/15/embrace-foot-most-important-buddha-globe Lorilee Kromm

    I’m so happy to read this. This is the type of info that needs to be given and not the accidental misinformation that is at the other blogs. Appreciate your sharing this best doc.

  • http://nicolefleronse.tumblr.com/ tinnitus remedies

    Howdy! Do you know if they make any plugins to help with Search Engine Optimization? I’m trying to get my blog to rank for some targeted keywords but I’m not seeing very good results. If you know of any please share. Many thanks!

  • http://photopeach.com/user/nikovaughan717 Jeri Macknight

    I like what you guys are up to. Such clever work and reporting! Carry on with the superb works guys. I’ve incorporated you guys to my blogroll. I think it will improve the value of my web site. :)

  • http://weddings1ew.com/bridal-lingerie best weddings

    Write more, thats all I have to say. Literally, it seems as though you relied on the video to make your point. You obviously know what youre talking about, why waste your intelligence on just posting videos to your blog when you could be giving us something informative to read?