Less than one month after a hacker discovered an SMS spoofing flaw within iOS, Apple has apparently patched the vulnerability in its newly-released iOS 6 mobile operating system.
According to website iJailbreak, the flaw uncovered in August by "pod2g" has been fixed.
The bug was related to how previous iterations of iOS handled incoming SMS messages, with the system supporting certain optional features in the SMS specification's User Data Header, including a "reply to" address. A malicious user was able to send spoofed SMS messages to an iPhone owner using any chosen reply number. Because not all phones support the advanced feature, most carriers neglect to check that part of the message, meaning the vulnerability was seemingly limited to iPhone users.
With iOS 6, Apple has reportedly patched the flaw, no longer allowing SMS spoofing to trick iPhone users into thinking they are receiving a message from a known party.
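The check the article says most carriers skip can be sketched as follows. This is an added example, not code from Apple, pod2g or the article: it parses the User Data Header of a received message and reports a reply address that differs from the real originating address. It assumes the reply-to field is the "Reply Address Element" (IEI 0x22 in 3GPP TS 23.040), handles numeric addresses only, and uses constructed sample bytes; the function names are hypothetical.

```python
REPLY_ADDRESS_IEI = 0x22  # "Reply Address Element" IEI in 3GPP TS 23.040
BCD_DIGITS = "0123456789*#abc?"  # semi-octet values; 0xF is fill

def parse_udh(user_data: bytes):
    """Split a TP-UD field (UDHI bit set) into (IEI, data) elements."""
    if not user_data:
        return []
    udhl = user_data[0]
    header = user_data[1:1 + udhl]
    if len(header) != udhl:
        raise ValueError("UDHL exceeds user data length")
    elements, i = [], 0
    while i < len(header):
        if i + 2 > len(header):
            raise ValueError("truncated information element")
        iei, length = header[i], header[i + 1]
        data = header[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError("information element overruns header")
        elements.append((iei, data))
        i += 2 + length
    return elements

def decode_address(field: bytes) -> str:
    """Decode a numeric address field: digit count, type-of-address, swapped BCD."""
    if len(field) < 2 or len(field) - 2 < (field[0] + 1) // 2:
        raise ValueError("malformed address field")
    count, toa = field[0], field[1]
    nibbles = "".join(BCD_DIGITS[b & 0x0F] + BCD_DIGITS[b >> 4] for b in field[2:])
    prefix = "+" if (toa >> 4) & 0x07 == 0x01 else ""  # international number
    return prefix + nibbles[:count]

def spoofed_reply_address(originator: str, user_data: bytes):
    """Return a UDH reply address that differs from the real sender, else None."""
    for iei, data in parse_udh(user_data):
        if iei == REPLY_ADDRESS_IEI:
            reply = decode_address(data)
            if reply != originator:
                return reply
    return None

# Constructed samples (fictional 555 numbers); body bytes after the UDH are arbitrary.
SPOOFED_UD = bytes.fromhex("08 22 06 08 91 51 55 10 99") + b"\x00\x00"
PLAIN_UD = bytes.fromhex("05 00 03 a4 02 01") + b"\x00\x00"  # concatenation IE only

if __name__ == "__main__":
    print(spoofed_reply_address("+15550100", SPOOFED_UD))
    print(spoofed_reply_address("+15550100", PLAIN_UD))
```

A handset or gateway that gets a non-`None` result can show the originating number alongside the reply address instead of replacing one with the other.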
4 Comments
Now all Apple has to do is fix the problem at its source and get somebody to go patch the hacker...
As I understand, iPhone's implementation was, er, unique among manufacturers for this aspect of SMS?
djsherly wrote: "As I understand, iPhone's implementation was, er, unique among manufacturers for this aspect of SMS?"
From all the articles I read, it was a flaw in many smart and dumb phones. It was also a non-issue unless you actually responded to an unknown text aka they can't spoof your friends, if you don't respond to the random text?
From the linked article which exposed the issue (http://www.pod2g.org/2012/08/never-trust-sms-ios-text-spoofing.html), not true:
"On iPhone, when you see the message, *it seems to come from the reply-to number*, and you lose track of the origin."