A well-known hacker on Friday revealed a major security flaw in iOS-based devices. According to the hacker, the iPhone security flaw has been part of the platform since 2007. The hacker, known as “pod2g”, released details of the vulnerability along with a warning to users. The security vulnerability affects devices through the company’s upcoming iOS 6 platform.
In his report, pod2g wrote on his blog that the ‘reply-to’ number displayed when an iPhone user views an SMS can be easily manipulated to show a number that doesn’t correspond to the sender’s number. Using the method he outlines, hackers can send messages that appear to be from a trusted source. Once a user responds to such an SMS, the reply is automatically routed to the hacker’s chosen phone number.
According to pod2g, the iPhone is not the only device vulnerable to this type of attack:
“In the text payload, a section called UDH (User Data Header) is optional but defines a lot of advanced features not all mobiles are compatible with. One of these options enables the user to change the reply address of the text. If the destination mobile is compatible with it, and if the receiver tries to answer to the text, he will not respond to the original number, but to the specified one.”
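A check that a handset or SMS gateway filter could run against the mechanism quoted above, as an added example that is not from pod2g's post or this article: it walks the UDH of a received message and reports a Reply Address Element (IEI 0x22 in 3GPP TS 23.040) that differs from the originating number. The function names and sample bytes are constructed for illustration, and the input is assumed to be the TP-User-Data of a message whose UDH indicator is set.

```python
REPLY_ADDRESS_IEI = 0x22  # Reply Address Element, 3GPP TS 23.040

def parse_udh(user_data: bytes) -> dict:
    """Return {IEI: data} for the User Data Header at the start of user_data."""
    if not user_data:
        raise ValueError("empty user data")
    udhl = user_data[0]                      # header length, excluding this octet
    header = user_data[1:1 + udhl]
    if len(header) != udhl:
        raise ValueError("UDHL exceeds user data")
    elements, i = {}, 0
    while i < len(header):                   # each element: IEI, length, data
        if i + 2 > len(header):
            raise ValueError("truncated information element")
        iei, length = header[i], header[i + 1]
        data = header[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError("information element overruns header")
        elements[iei] = data
        i += 2 + length
    return elements

def decode_address(field: bytes) -> str:
    """Decode a numeric address: digit count, type-of-address, swapped BCD."""
    if len(field) < 2:
        raise ValueError("address too short")
    digit_count, type_of_number = field[0], (field[1] >> 4) & 0x07
    if type_of_number == 0x05:
        raise ValueError("alphanumeric address is not numeric BCD")
    nibbles = []
    for octet in field[2:]:                  # low nibble holds the first digit
        nibbles += [octet & 0x0F, octet >> 4]
    if digit_count > len(nibbles):
        raise ValueError("address length exceeds data")
    digits = "".join("0123456789*#abc?"[n] for n in nibbles[:digit_count])
    return ("+" if type_of_number == 0x01 else "") + digits

def reply_address_mismatch(originator: str, user_data: bytes):
    """Return the UDH reply address if it differs from the originator, else None."""
    element = parse_udh(user_data).get(REPLY_ADDRESS_IEI)
    if element is None:
        return None
    reply_to = decode_address(element)
    return reply_to if reply_to != originator else None

# Constructed samples: a UDH with reply address +15550100, and a UDH that only
# carries a concatenation element (IEI 0x00); the trailing bytes stand in for text.
SAMPLE_WITH_REPLY = bytes.fromhex("08 22 06 08 91 51 55 10 00") + b"text"
SAMPLE_CONCAT_ONLY = bytes.fromhex("05 00 03 2a 02 01") + b"text"
```

A non-`None` result is the signal to show the user both numbers or to flag the message before a reply is composed.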
Until the flaw is dealt with, pod2g is warning users to avoid any SMS messages that send advertisements or questionable content.
In the meantime, be prepared to update your iOS version as new options become available; as exploits are discovered, Apple typically works quickly to fix those issues whenever possible.