iPhone Security Issue Opens Door to SMS Spoofing
Jailbreak hacker and security researcher pod2g today revealed a newly-discovered security issue in all versions of iOS that could allow malicious parties to spoof SMS messages, making a recipient think that a message came from a trusted sender when it in fact came from the malicious party.
The issue is related to iOS's handling of User Data Header (UDH) information, an optional section of a text payload that allows users to specify certain information such as changing the reply-to number on a message to something other than the sending number. The iPhone's handling of this optional information could leave recipients open to targeted SMS spoofing attacks.
In the text payload, a section called UDH (User Data Header) is optional but defines lot of advanced features not all mobiles are compatible with. One of these options enables the user to change the reply address of the text. If the destination mobile is compatible with it, and if the receiver tries to answer to the text, he will not respond to the original number, but to the specified one.
Most carriers don't check this part of the message, which means one can write whatever he wants in this section : a special number like 911, or the number of somebody else.
In a good implementation of this feature, the receiver would see the original phone number and the reply-to one. On iPhone, when you see the message, it seems to come from the reply-to number, and you [lose] track of the origin.
pod2g highlights several ways in which malicious parties could take advantage of this flaw, including phishing attempts linking users to sites collecting personal information or spoofing messages for the purposes of creating false evidence or gaining a recipient's trust to enable further nefarious action.
In many cases the malicious party would need to know the name and number of a trusted contact of the recipient in order for their efforts to be effective, but the phishing example shows how malicious parties could cast broad nets hoping to snare users by pretending to be a common bank or other institution. But with the issue resulting in recipients being shown the reply-to address, an attack could be discovered or thwarted simply by replying to the message, as the return message would go to the familiar contact rather than the malicious one.
Popular Stories
Apple is not expected to release a standard iPhone 18 model this year, according to a growing number of reports that suggest the company is planning a significant change to its long-standing annual iPhone launch cycle.
Despite the immense success of the iPhone 17 in 2025, the iPhone 18 is not expected to arrive until the spring of 2027, leaving the iPhone 17 in the lineup as the latest...
Language learning app Duolingo has apparently been using the iPhone's Live Activity feature to display ads on the Lock Screen and the Dynamic Island, which violates Apple's design guidelines.
According to multiple reports on Reddit, the Duolingo app has been displaying an ad for a "Super offer," which is Duolingo's paid subscription option.
Apple's guidelines for Live Activity state that...
The company behind the BlackBerry-like Clicks Keyboard accessory for the iPhone today unveiled a new Android 16 smartphone called the Clicks Communicator.
The purpose-built device is designed to be used as a second phone alongside your iPhone, with the intended focus being communication over content consumption. It runs a custom Android launcher that offers a curated selection of messaging...
Apple plans to introduce a 12.9-inch MacBook in spring 2026, according to TrendForce.
In a press release this week, the Taiwanese research firm said this MacBook will be aimed at the entry-level to mid-range market, with "competitive pricing."
TrendForce did not share any further details about this MacBook, but the information that it shared lines up with several rumors about a more...
Apple today announced a number of updates to Apple Fitness+ and activity with the Apple Watch.
The key announcements include:
New Year limited-edition award: Users can win the award by closing all three Activity Rings for seven days in a row in January.
"Quit Quitting" Strava challenge: Available in Strava throughout January, users who log 12 workouts anytime in the month will win an ...
Apple is planning to release a low-cost MacBook in 2026, which will apparently compete with more affordable Chromebooks and Windows PCs. Apple's most affordable Mac right now is the $999 MacBook Air, and the upcoming low-cost MacBook is expected to be cheaper. Here's what we know about the low-cost MacBook so far.
Size
Rumors suggest the low-cost MacBook will have a display that's around 13 ...
Apple hasn't updated the Mac Pro since 2023, and according to recent rumors, there's no update coming in the near future. In fact, Apple might be finished with the Mac Pro.
Bloomberg recently said that the Mac Pro is "on the back burner" and has been "largely written off" by Apple. Apple apparently views the more compact Mac Studio as the ideal high-end pro-level desktop, and it has almost...
