iPhone Security Issue Opens Door to SMS Spoofing
Jailbreak hacker and security researcher pod2g today revealed a newly-discovered security issue in all versions of iOS that could allow malicious parties to spoof SMS messages, making a recipient think that a message came from a trusted sender when it in fact came from the malicious party.
The issue is related to iOS's handling of User Data Header (UDH) information, an optional section of a text payload that allows users to specify certain information such as changing the reply-to number on a message to something other than the sending number. The iPhone's handling of this optional information could leave recipients open to targeted SMS spoofing attacks.
In the text payload, a section called UDH (User Data Header) is optional but defines lot of advanced features not all mobiles are compatible with. One of these options enables the user to change the reply address of the text. If the destination mobile is compatible with it, and if the receiver tries to answer to the text, he will not respond to the original number, but to the specified one.
Most carriers don't check this part of the message, which means one can write whatever he wants in this section : a special number like 911, or the number of somebody else.
In a good implementation of this feature, the receiver would see the original phone number and the reply-to one. On iPhone, when you see the message, it seems to come from the reply-to number, and you [lose] track of the origin.
pod2g highlights several ways in which malicious parties could take advantage of this flaw, including phishing attempts linking users to sites collecting personal information or spoofing messages for the purposes of creating false evidence or gaining a recipient's trust to enable further nefarious action.
In many cases the malicious party would need to know the name and number of a trusted contact of the recipient in order for their efforts to be effective, but the phishing example shows how malicious parties could cast broad nets hoping to snare users by pretending to be a common bank or other institution. But with the issue resulting in recipients being shown the reply-to address, an attack could be discovered or thwarted simply by replying to the message, as the return message would go to the familiar contact rather than the malicious one.
Popular Stories
While the iPhone 17 Pro and iPhone 17 Pro Max are not expected to launch until September, there are already plenty of rumors about the devices.
Below, we recap key changes rumored for the iPhone 17 Pro models as of March 2025:
Aluminum frame: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and iPhone 16 Pro models have a titanium frame, and the iPhone ...
With the second release candidate of iOS 18.4 that Apple seeded out today, the company finally provided us with release notes that give a full rundown on what to expect.
There's an Apple Vision Pro app, new Apple Intelligence features for notifications and additional language support, plus an Apple News Food feature for Apple News+ subscribers, and several updates that should improve the...
Apple is reportedly working on a new Magic Mouse. Below, we recap what to expect.
The two key rumors for the Magic Mouse 3 so far include a relocated charging port, along with a more ergonomic design.
It was briefly rumored that the Magic Mouse 3 would also feature voice control, but that was misinterpreted information.
Relocated Charging Port
While the Magic Mouse switched from...
Apple's big developer event is a little over two months away, and rumors about what we can expect to see in Apple's next major operating system updates are becoming increasingly frequent.
A public release of iOS 18.4 is also imminent with a number of updates and improvements, although we won't be getting the major Apple Intelligence Siri upgrades that had reportedly been planned for this...
We've been hearing rumors about a foldable iPhone for almost a decade now, but it looks like we might finally see the device come to fruition in 2026. We're going to be waiting many more months for the foldable iPhone, but so far we're hearing good things.
Apple wants to make it creaseless. It's taken Apple multiple years to design a foldable iPhone that it's satisfied with because Apple ...
Apple today released iOS 18.4 and iPadOS 18.4, the fourth major updates to the iOS 18 and iPadOS 18 operating system updates that came out last year. iOS 18.4 and iPadOS 18.4 come two months after Apple released iOS 18.3 and iPadOS 18.3.
Subscribe to the MacRumors YouTube channel for more videos.
The new software can be downloaded on eligible iPhones and iPads over-the-air by going to...
Multiple sources have claimed that iOS 19 will introduce a new design with more translucent buttons, menus, notification banners, and more, and there is now another clue that points towards this glass-like appearance.
Bloomberg's Mark Gurman today said the new design project is codenamed "Solarium" internally. A solarium is a room with glass walls that allow in plenty of sunlight, so this...
Apple's next-generation iPad Pro models with the M5 chip will "launch this year," according to Bloomberg's Mark Gurman.
In his Power On newsletter today, Gurman said the new iPad Pro models have progressed to an "advanced testing" stage, and he expects mass production of the devices to begin in the second half of this year. If that timeframe is met, the new iPad Pro models could launch...
