Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
iPhone Security Issue Opens Door to SMS Spoofing
- Thread starter MacRumors
- Start date
- Sort by reaction score
theBB
macrumors 68020
I never received such an SMS message, but many commenters here are claiming that when you start replying, you can see the name/number you are replying to. SMS is easier to spoof certainly, just like caller IDs in phone calls, but none of these are bugs on iOS. The system was designed to be this way decades ago. I don't know why phone companies decided that it was a good idea to allow caller IDs to be changed, not just blocked, but they did. That is not Apple's fault.
Misunderstanding of the problem
I am not sure if lots of you misunderstood the problem. It is not just about the SMS spoofing, which is generally possible (independent of the mobile phone platform).
Imagine the following: you receive an SMS from your phone company. Now the spoofing is used to prepare the whole situation. The fake name is your phone companies name. The fake number is your phone companies real number. If you just have that spoofed SMS, you would reply to your phone company.
Let the text be about "We updated our policy. From now on you will receive daily newsletters. If you dont respond, you agree with the policy".
Now the real stuff starts: The bug in iOS lets the spoofed SMS contain more logic than just the common spoofing stuff, parameters that can re-route the SMS reply to another number than the spoofed number. This one will be a paid service number and will charge your bill.
So, hopefully you understood, that the problem is located on top of the common SMS spoofing and uses additional buggy features of iOS. On Windows Phone or Android, just part 1 is possible.
I am not sure if lots of you misunderstood the problem. It is not just about the SMS spoofing, which is generally possible (independent of the mobile phone platform).
Imagine the following: you receive an SMS from your phone company. Now the spoofing is used to prepare the whole situation. The fake name is your phone companies name. The fake number is your phone companies real number. If you just have that spoofed SMS, you would reply to your phone company.
Let the text be about "We updated our policy. From now on you will receive daily newsletters. If you dont respond, you agree with the policy".
Now the real stuff starts: The bug in iOS lets the spoofed SMS contain more logic than just the common spoofing stuff, parameters that can re-route the SMS reply to another number than the spoofed number. This one will be a paid service number and will charge your bill.
So, hopefully you understood, that the problem is located on top of the common SMS spoofing and uses additional buggy features of iOS. On Windows Phone or Android, just part 1 is possible.
kd5jos
macrumors 6502
How this isn't Apple's issue to deal with...
Read the top answer to the question. Summary:
If customers want a secure platform, they use iMessage. If compatibility is the concern, they use SMS. SMS is not, and has never been designed to be a secure platform.
Telnet is an unsecured communications medium. How many computers pop up a notification that says, "Are you sure you want to use telnet, it sends passwords in cleartext?" Is Apple liable because OS X doesn't have a popup that notifies someone trying to use telnet that it isn't secure?
My turn to ask a question. Why are we bent on finding excuses to make Apple fix this, instead of having the cause of the problem (the SMS standard) fixed? Why is fixing the symptom logical when you can cure it at the cause (the carriers)?
Read the top answer to the question. Summary:
If customers want a secure platform, they use iMessage. If compatibility is the concern, they use SMS. SMS is not, and has never been designed to be a secure platform.
Telnet is an unsecured communications medium. How many computers pop up a notification that says, "Are you sure you want to use telnet, it sends passwords in cleartext?" Is Apple liable because OS X doesn't have a popup that notifies someone trying to use telnet that it isn't secure?
My turn to ask a question. Why are we bent on finding excuses to make Apple fix this, instead of having the cause of the problem (the SMS standard) fixed? Why is fixing the symptom logical when you can cure it at the cause (the carriers)?
This makes sense to me. BTW, I learned today about iMessage. When you send a text message to someone who has an iPhone (and iMessage is turned on in settings) the send button is blue. That means the text is free. When you text to someone without an iPhone, the Send button is green. Green is for pay.
Yes
Some carriers like "Telstra" do implement some of their own security. Once upon a time they used to do from number verification (this was years ago, not sure about now). So while you are correct if you have signed up to a carrier that does extra security then this is adding a flaw.
Even if it's not really adding much of a security flaw it's still a bug in the software, and if the reply-to is legitimately changed the conversation view is broken without you knowing it!
Some carriers like "Telstra" do implement some of their own security. Once upon a time they used to do from number verification (this was years ago, not sure about now). So while you are correct if you have signed up to a carrier that does extra security then this is adding a flaw.
Even if it's not really adding much of a security flaw it's still a bug in the software, and if the reply-to is legitimately changed the conversation view is broken without you knowing it!
Try to understand my posting, than you will see that it is an Apple Security flaw. They shouldnt turn in the additional hooks on top of it.
If you have IOs 17 and the recipient does not and you send a large quantity text over 100 characters in 1 bar or less service this will lead to spoofing that text 50-150 times. Closing out your text app will reset this. Update: you will not incur multiple charges for the text just will get locked out by said user
Jailbreak hacker and security researcher pod2g today revealed a newly-discovered security issue in all versions of iOS that could allow malicious parties to spoof SMS messages, making a recipient think that a message came from a trusted sender when it in fact came from the malicious party.
The issue is related to iOS's handling of User Data Header (UDH) information, an optional section of a text payload that allows users to specify certain information such as changing the reply-to number on a message to something other than the sending number. The iPhone's handling of this optional information could leave recipients open to targeted SMS spoofing attacks.pod2g highlights several ways in which malicious parties could take advantage of this flaw, including phishing attempts linking users to sites collecting personal information or spoofing messages for the purposes of creating false evidence or gaining a recipient's trust to enable further nefarious action.
In many cases the malicious party would need to know the name and number of a trusted contact of the recipient in order for their efforts to be effective, but the phishing example shows how malicious parties could cast broad nets hoping to snare users by pretending to be a common bank or other institution. But with the issue resulting in recipients being shown the reply-to address, an attack could be discovered or thwarted simply by replying to the message, as the return message would go to the familiar contact rather than the malicious one.
Article Link: iPhone Security Issue Opens Door to SMS Spoofing
