Ever received a text from your bank on your iPhone? You may want to take a closer look and make sure it's the real deal.
A hacker who goes by the handle "pod2g" says a security flaw has made receiving texts on an iPhone insecure since the inception of iOS, and that the vulnerability still remains in the latest beta of iOS 6.
The issue lies in the header of a SMS message, which includes both the originating number of the message and a reply-to number. According to pod2G, the iPhone only displays the reply-to number and loses track of the originating number, which creates a few possible problems:
- pirates could send a message that seems to come from the bank of the receiver asking for some private information, or inviting them to go to a dedicated Web site. [phishing]
- one could send a spoofed message to your device and use it as a false evidence.
- anything you can imagine that could be utilized to manipulate people, letting them trust somebody or some organization texted them. More
Yesterday I reported on revelations that iPhones may be particularly vulnerable to an SMS spoofing attack. Basically, because of the way iOS handles text headers, a nasty person could manipulate the "reply-to" number to appear to be someone they're not, like a financial institution.