Useful Hacks, Reviews, Tips and Tricks of anything under the moon and the sun.

Security Flaw in iOS SMS

No comments
Jailbreak developer pod2g had found a security flaw on how iPhone handle SMS messages. It does not involve code execution but he consider it to be severe because of the things you can do with the flaw. In layman's term, when you write an SMS and press send, your phone translate your SMS to PDU (Protocol Description Unit) language and then transmit it across the network to its recipient. PDU is a set of standard language for SMS technology. If a hacker understands how to create raw PDU text format, he can create a nasty message and change the User Header so it would appear as if it coming from a person you know.

Apple has claimed that the vulnerability lies in SMS technology and not in iOS itself. This is partly true because all phone that uses SMS are vulnerable but iOS devices are more tempting target because of the way how Apple handle SMS messages. Apple is well-known creator of simple UI so instead of raw message it provide users the simplest form. Of course this is not bad at all but a simple additional info is not bad either. pod2g suggests that Apple should display the original phone number and the reply-to to track the origin of the message.

Read the full article of pod2g here.

No comments :

Post a Comment