iOS hacker pod2g has today uncovered a flaw in the way iOS handles SMS messages. In pod2g’s blog post, he writes:
“…In the text payload, a section called UDH (User Data Header) is optional but defines a lot of advanced features not all mobiles are compatible with. One of these options enables the user to change the reply address of the text. If the destination mobile is compatible with it, and if the receiver tries to answer the text, he will not respond to the original number, but to the specified one.”
The feature itself is a standard, if rarely implemented, part of the SMS specification: an optional element in the UDH tells the receiving phone where replies to the message should be sent, and that reply address can differ from the number the message was actually sent from. For example, I send a text to TiP_Cam, but I use this option to set the reply address so that Cam’s response is sent to Quentin, TiP_Jake’s affectionately named iPhone.
The problem lies in the fact that iOS displays only the reply-to number as the sender; the number the text actually originated from is never shown. In the aforementioned scenario, Cam’s iPhone would show my text as coming from Quentin’s number (or simply from “TiP_Jake”, since that number is in his contacts), not from me, and nothing on screen would tell him otherwise.
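To make the two addresses concrete, here is an added example, not code from pod2g’s post or from Apple: it builds an SMS-DELIVER PDU (the form in which a handset receives a text) whose UDH carries a Reply Address element, parses it back out, and contrasts the display behaviour described above with one that always shows the originating number. The IEI value 0x22 is the Reply Address Element from 3GPP TS 23.040; the assumption that its data is laid out exactly like a TP-OA/TP-DA address field, the UCS-2 encoding, the timestamp and the phone numbers are all constructed here for illustration.

```python
"""Constructed SMS-DELIVER PDU with a UDH Reply Address element (IEI 0x22).

Added example, not pod2g's or Apple's code. Address layout inside the IE
is assumed to follow the TP-OA/TP-DA field format; numbers are fictional.
"""
from dataclasses import dataclass
from typing import Optional

IEI_REPLY_ADDRESS = 0x22   # Reply Address Element, 3GPP TS 23.040
TOA_INTERNATIONAL = 0x91   # type-of-address: international number, ISDN plan
DCS_UCS2 = 0x08            # TP-DCS: UCS-2 text, so TP-UDL is a byte count


def encode_address(number: str) -> bytes:
    """TP-OA/TP-DA style field: digit count, type-of-address, swapped BCD."""
    digits = number.lstrip("+")
    padded = digits + "F" if len(digits) % 2 else digits
    bcd = bytes(int(padded[i + 1], 16) << 4 | int(padded[i], 16)
                for i in range(0, len(padded), 2))
    return bytes([len(digits), TOA_INTERNATIONAL]) + bcd


def decode_address(buf: bytes, pos: int):
    """Inverse of encode_address; returns (number, position after field)."""
    ndigits, toa = buf[pos], buf[pos + 1]
    nbytes = (ndigits + 1) // 2
    raw = buf[pos + 2:pos + 2 + nbytes]
    digits = "".join(f"{b & 0x0F:x}{b >> 4:x}" for b in raw)[:ndigits]
    prefix = "+" if toa & 0x70 == 0x10 else ""
    return prefix + digits, pos + 2 + nbytes


def build_sms_deliver(originator: str, text: str,
                      reply_to: Optional[str] = None) -> bytes:
    """Build a minimal SMS-DELIVER TPDU; a reply_to adds a UDH with IEI 0x22."""
    udh = b""
    if reply_to is not None:
        ied = encode_address(reply_to)
        udh = bytes([IEI_REPLY_ADDRESS, len(ied)]) + ied
        udh = bytes([len(udh)]) + udh          # UDHL prefix
    first = 0x04 | (0x40 if udh else 0x00)     # MTI=DELIVER, TP-MMS, TP-UDHI
    ud = udh + text.encode("utf-16-be")
    scts = bytes.fromhex("21807171548000")     # constructed: 2012-08-17 17:45:08 +00
    return (bytes([first]) + encode_address(originator)
            + bytes([0x00, DCS_UCS2]) + scts + bytes([len(ud)]) + ud)


@dataclass
class ParsedSms:
    originator: str          # TP-OA: where the message really came from
    reply_to: Optional[str]  # UDH Reply Address, if present
    text: str


def parse_sms_deliver(pdu: bytes) -> ParsedSms:
    """Extract TP-OA, the UDH reply address (if any) and the text."""
    first = pdu[0]
    if first & 0x03 != 0x00:
        raise ValueError("not an SMS-DELIVER TPDU")
    udhi = bool(first & 0x40)
    originator, pos = decode_address(pdu, 1)
    dcs = pdu[pos + 1]
    pos += 2 + 7                               # skip TP-PID, TP-DCS, TP-SCTS
    if dcs != DCS_UCS2:
        raise ValueError("example only handles UCS-2 (DCS 0x08)")
    udl = pdu[pos]
    ud = pdu[pos + 1:pos + 1 + udl]
    reply_to, body_start = None, 0
    if udhi:
        body_start = 1 + ud[0]                 # UDHL does not count itself
        i = 1
        while i < body_start:                  # walk the information elements
            iei, iedl = ud[i], ud[i + 1]
            if iei == IEI_REPLY_ADDRESS:
                reply_to, _ = decode_address(ud[i + 2:i + 2 + iedl], 0)
            i += 2 + iedl
    return ParsedSms(originator, reply_to, ud[body_start:].decode("utf-16-be"))


def displayed_sender_vulnerable(msg: ParsedSms) -> str:
    """Behaviour described in the post: the reply address is shown as the sender."""
    return msg.reply_to or msg.originator


def displayed_sender_hardened(msg: ParsedSms) -> str:
    """Always show the originating number and flag a differing reply address."""
    if msg.reply_to and msg.reply_to != msg.originator:
        return f"{msg.originator} (replies go to {msg.reply_to})"
    return msg.originator


if __name__ == "__main__":
    # Constructed numbers: +1 555 0100 001 is the real sender, 002 the spoofed one.
    pdu = build_sms_deliver("+15550100001", "Call us about your account",
                            reply_to="+15550100002")
    msg = parse_sms_deliver(pdu)
    print("PDU        :", pdu.hex())
    print("vulnerable :", displayed_sender_vulnerable(msg))
    print("hardened   :", displayed_sender_hardened(msg))
```

Run it and the vulnerable display names the spoofed number while the hardened one names the real originator and notes where a reply would go; the first nine bytes of the PDU are the TPDU header and the originating address, which the handset has but never shows under the behaviour pod2g describes.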
This behaviour has been present since the very first version of iOS and is still there in the iOS 6 beta, so it will ship in the final release of iOS 6 unless Apple changes it.
If this behaviour remains, SMS spoofing on the iPhone stays trivial: a text can be made to look as if it came from a bank, a carrier or a trusted contact, the real sender’s number is never shown, and any reply the recipient sends goes to the impersonated number rather than to the attacker. That makes it very hard to verify the source of a text in exactly the situations where it matters. At a minimum iOS should display the originating number alongside the reply address, or ignore the reply address altogether; and since the originating number is not authenticated by the network either, a text message should never be the only thing you rely on to confirm who sent it. This flaw definitely needs to be removed from iOS, and I’m very surprised that it has remained in iOS for so long.