A new report by pod2g says that iOS has been vulnerable to SMS spoofing since its inception, and isn't even fixed in the latest beta version of iOS 6. He is urging Apple to fix the problem. pod2g explains why iOS is vulnerable on his blog:
Apple is apparently grabbing the reply-to address from the message's User Data Header rather than the raw source. This leaves them open to spoofing. pod2g lists a few ways that hackers could mess with your iPhone:
pirates could send a message that seems to come from the bank of the receiver asking for some private information, or inviting them to go to a dedicated website. [Phishing]
one could send a spoofed message to your device and use it as a false evidence.
anything you can imagine that could be utilized to manipulate people, letting them trust somebody or some organization texted them.
PDU is a protocol that is pretty dense, allowing different types of messages to be emitted. Some examples : SMS, Flash SMS, Voice mail alerts, EMS, ...
The specification is large and pretty complex. As an example, just to code the data, there are multiple possible choices : 7bit, 8bit, UCS2 (16bit), compressed or not, ...
The specification is large and pretty complex. As an example, just to code the data, there are multiple possible choices : 7bit, 8bit, UCS2 (16bit), compressed or not, ...
Apple is apparently grabbing the reply-to address from the message's User Data Header rather than the raw source. This leaves them open to spoofing. pod2g lists a few ways that hackers could mess with your iPhone: