1. Akshay Masand's Avatar


    The popular iOS hacker and security researcher, pod2g, recently revealed a newly-discovered security issue that is found in all versions of iOS. The security issue could allow malicious parties to spoof SMS messages, making the recipient think that a message came from a trusted sender, when it in fact did not. The issue is related to iOS’ handling of User Data Header (UDH) information, an optional section of a text payload that allows users to specify certain information such as changing the reply-to number on a message to a different number. The iPhone’s handling of this optional information could leave recipients open to targeted SMS spoofing attacks. Pod2g mentioned the following regarding the vulnerability:

    In the text payload, a section called UDH (User Data Header) is optional but defines a lot of advanced features not all mobiles are compatible with. One of these options enables the user to change the reply address of the text. If the destination mobile is compatible with it, and if the receiver tries to answer to the text, he will not respond to the original number, but to the specified one.

    Most carriers don't check this part of the message, which means one can write whatever he wants in this section: a special number like 911, or the number of somebody else.

    In a good implementation of this feature, the receiver would see the original phone number and the reply-to one. On iPhone, when you see the message, it seems to come from the reply-to number, and you [lose] track of the origin.

    There are several ways malicious parties could take advantage of this vulnerability, ranging from phishing attempts linking users to sites collecting personal information to spoofing messages for the purpose of creating false evidence. In many cases, the malicious party would need to know the name and number of a trusted contact of the recipient in order for their efforts to be effective, but the example shows how malicious parties could cause harm to innocent consumers. One way to currently discover or prevent becoming a victim would be to reply to any suspicious message, as the return message would go to the familiar contact rather than the malicious one. That being said, doing so would only be a temporary solution to make sure someone isn't spoofing texts.

    The issue is still an important one and pod2g is trying to bring this to the attention of Apple in hopes of having the Cupertino, California company patch the flaw in their mobile operating system.

    Source: pod2g (blog)

    Twitter: @AkshayMasand
    2012-08-18 12:05 PM
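
An added example, not part of the original post or of pod2g's write-up: a receiver-side parser that implements the "good implementation" behaviour quoted above, keeping the originating number visible and listing a UDH reply address beside it. It assumes the 3GPP TS 23.040 layout (Reply Address element identifier 0x22, nibble-swapped BCD address field); the function names and the sample numbers are constructed for illustration.

```python
# Added example (not from pod2g's post): parse a TS 23.040 User Data Header
# and show a Reply Address next to the real sender instead of replacing it.
REPLY_ADDRESS_IEI = 0x22  # Reply Address Element identifier in TS 23.040
# Constructed sample: UDHL=8, IEI 0x22, 6-byte address "+15550199", then text.
SAMPLE_UD = bytes.fromhex("082206089151551099") + b"hi"

def parse_udh(user_data: bytes) -> dict:
    """Return {IEI: IED bytes} for the header at the start of user_data."""
    if not user_data:
        return {}
    udhl = user_data[0]
    header = user_data[1:1 + udhl]
    if len(header) != udhl:
        raise ValueError("truncated UDH")
    elements, i = {}, 0
    while i < len(header):
        if i + 2 > len(header):
            raise ValueError("truncated information element")
        iei, iedl = header[i], header[i + 1]
        ied = header[i + 2:i + 2 + iedl]
        if len(ied) != iedl:
            raise ValueError("information element overruns header")
        elements[iei] = ied
        i += 2 + iedl
    return elements

def decode_address(field: bytes) -> str:
    """Decode an address field: digit count, type octet, nibble-swapped BCD."""
    if len(field) < 2 or len(field) - 2 != (field[0] + 1) // 2:
        raise ValueError("malformed address field")
    ndigits, toa = field[0], field[1]
    digits = "".join(f"{b & 0x0F:x}{b >> 4:x}" for b in field[2:])[:ndigits]
    if not digits.isdigit():
        raise ValueError("non-numeric address")
    return ("+" if (toa >> 4) & 0x7 == 1 else "") + digits

def sender_display(originator: str, user_data: bytes, udhi: bool) -> str:
    """Keep the originating number visible; list any reply-to beside it."""
    if not udhi:  # no header present: user data is all message text
        return originator
    ied = parse_udh(user_data).get(REPLY_ADDRESS_IEI)
    if ied is None:
        return originator
    reply_to = decode_address(ied)
    if reply_to == originator:
        return originator
    return f"{originator} (replies go to {reply_to})"
```

The `udhi` argument stands for the TP-UDHI flag of the received message, which tells the receiver whether the user data begins with a header at all.
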
  2. Colin9001's Avatar
    LOLOL. Apple probably hates Pod2G.
    2012-08-18 02:35 PM
  3. wiipro's Avatar
    Wow

    *breathless*
    2012-08-18 02:43 PM
  4. Delerowen's Avatar
    LOLOL. Apple probably hates Pod2G.
    Actually, this is the reason why Apple should love pod2g. This is exactly what security researchers do. They usually do it in a private manner to Apple themselves but he felt this urgent enough to make public.
    2012-08-18 03:01 PM
  5. NakedFaerie's Avatar
    Apple don't do anything in private. They ignore it and hope it goes away so you need to make things public so they get off their pile of money and do something about it.
    They think their systems are unhackable and virus proof but they are way off.
    2012-08-18 03:12 PM
  6. tongxinshe's Avatar
    Apple don't do anything in private. They ignore it and hope it goes away so you need to make things public so they get off their pile of money and do something about it.
    They think their systems are unhackable and virus proof but they are way off.
    They are not stupid. There is no way they really think their systems are immune to viruses. They are simply making use of a statistical fact in their favor on the surface and hope it attracts more customers. Internally they definitely know the technical reality.
    2012-08-18 03:30 PM
  7. iNT3Rv3NTiONZz's Avatar
    LOLOL. Apple probably hates Pod2G.
    Hate him? Did you read the article? They can't thank him enough for finding a security flaw, which they can now fix, thus making iOS even more secure. You mad bro?

    iPhone4 16gb black - 4.1 Limera1ned
    iPhone 3G 16gb white - 3.1.2 jailbroken
    Blackra1ned
    THANKYOU ONCE AGAIN GEOHOT!
    2012-08-18 04:15 PM
  8. mmaboi21's Avatar
    Great advertisement for people wanting to jack my phone up.
    2012-08-18 04:46 PM
  9. Micturition's Avatar
    The funny thing is that nobody thinks it could possibly be there on purpose. Patriot Act? Has anyone checked Android, Blackberry, WP7? Maybe they need to redirect some messages to their server, where they scan for potentially threatening messages or signs of terrorism, and if clean they just re-spoof and send it to the original recipient. Just a thought.
    2012-08-18 05:47 PM
  10. H4CK3R's Avatar
    The funny thing is that nobody thinks it could possibly be there on purpose. Patriot Act? Has anyone checked Android, Blackberry, WP7? Maybe they need to redirect some messages to their server, where they scan for potentially threatening messages or signs of terrorism, and if clean they just re-spoof and send it to the original recipient. Just a thought.
    I doubt it, probably just another one of Apple's mistakes in the software.
    2012-08-18 06:18 PM
  11. MooShoo's Avatar
    Apple don't do anything in private. They ignore it and hope it goes away so you need to make things public so they get off their pile of money and do something about it.
    They think their systems are unhackable and virus proof but they are way off.
    Really? Apple always ignores the security issues and pushes out updates? Is that why there is an IOS update every month that we have to avoid so we can keep our jailbreak? Very ignorant statement.
    2012-08-18 06:44 PM
  12. Anonymous's Avatar
    Really? Apple always ignores the security issues and pushes out updates? Is that why there is an IOS update every month that we have to avoid so we can keep our jailbreak? Very ignorant statement.
    Ignore the troll.
    2012-08-18 07:38 PM
  13. oraaron's Avatar
    LOLOL. Apple probably hates Pod2G.
    Apple is a company. Certain employees are probably as appreciative of this as I am, while I'm sure others ignorantly wish no one would ever discover their lapses. You can't just assume "Apple" prefers ignorant bliss, especially based on their impressive response times to similar issues in the past.
    2012-08-18 08:06 PM
  14. Anthony Bouchard's Avatar
    Apple responded to the flaw by telling users that they should use iMessage wherever possible and exercise caution when using SMS. iMessage verifies sender information before delivering it to the victim.
    2012-08-18 09:14 PM
  15. Breezy215's Avatar
    Hate him? Did you read the article? They can't thank him enough for finding a security flaw, which they can now fix, thus making iOS even more secure. You mad bro?
    I think what he meant by that is that they (Apple) probably hate him because he finds many "flaws" in iOS, an operating system that Apple brags & boasts on how secure & fool proof it is... Pod2g u rock bro!
    2012-08-18 10:05 PM
  16. Orby's Avatar
    Apple responded to the flaw by telling users that they should use iMessage wherever possible and exercise caution when using SMS. iMessage verifies sender information before delivering it to the victim.
    "Use our proprietary product!" is Apple's answer to a fairly serious security flaw in their implementation of an open standard with far more global application and use than their own?

    ...why am I not feeling the least inkling of surprise?
    2012-08-18 10:27 PM
  17. sziklassy's Avatar
    Really? Apple always ignores the security issues and pushes out updates? Is that why there is an IOS update every month that we have to avoid so we can keep our jailbreak? Very ignorant statement.
    He could have said this more elegantly. Allow me...

    In terms of security, it *seems* that Apple waits for hackers to find an exploit, make it public, and then patches it. Rarely, if ever, have I seen iOS updates that claimed there were security patches within that were not done as a direct result of some backdoor some hacker, generally a jailbreak dev, has found. Granted, it is extremely difficult to really know what holes Apple has found through internal research and simply plugged before they made it to us, the end user.
    Last edited by sziklassy; 2012-08-19 at 12:06 AM.
    ------------------------------------------------------------------------------------------------------------------------------------------------------------------
    I once prayed to God for an iPhone, but quickly found out He didn't work that way...so I stole an iPhone and prayed for His forgiveness.

    A dog is the only thing on earth that loves you more than you love yourself. - Josh Billings
    2012-08-19 12:03 AM
  18. MooShoo's Avatar
    He could have said this more elegantly. Allow me...

    In terms of security, it *seems* that Apple waits for hackers to find an exploit, make it public, and then patches it. Rarely, if ever, have I seen iOS updates that claimed there were security patches within that were not done as a direct result of some backdoor some hacker, generally a jailbreak dev, has found. Granted, it is extremely difficult to really know what holes Apple has found through internal research and simply plugged before they made it to us, the end user.
    That is very true and well put. Couldn't agree more.
    2012-08-19 01:33 AM
  19. iH85CH001's Avatar
    Great advertisement for people wanting to jack my phone up.
    This is what I was thinking.
    2012-08-19 04:43 AM