Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×
Bug Communications IOS Iphone Security Apple

iPhone Bug Allows SMS Spoofing 92

Posted by Soulskill
from the working-as-intend-ish dept.
Trailrunner7 writes "The iPhone SMS app contains a quirky bug that could allow someone to send a user a text message that appears to come from any number that the sender specifies. The researcher who discovered the bug said it could be used by attackers to spoof messages from a bank or credit card company and send the victim to a target site controlled by the attacker. The issue lies in the way iOS implements a section of the SMS message called User Data Header, which has a number of options, one of which allows the user to change the phone number that the text message appears to come from. The advent of mobile banking apps, some of which use SMS messages for out-of-band authentication, makes this kind of attack vector perhaps more worrisome and useful for attackers than it would seem at first blush."
This discussion has been archived. No new comments can be posted.

iPhone Bug Allows SMS Spoofing

Comments Filter:
  • That's not news (Score:5, Informative)

    by psergiu (67614) on Friday August 17, 2012 @04:32PM (#41030149)

    As long as you are allowed to mess with the SMS message header, you can do this on ANY phone - it's part of the GSM standard - Small Message Service was intended for testing & internal use, nowhere is stated that the "Sender" field must be the actual sending phone number. In fact, that field is alphanumerical, you can put anything in there, not just numbers. Also, there's nothing in the GSM network to prevent this, the message is routed by destination, not by sender.

    I was sending "faked" messages like those over 10 years ago using the "service" menus on old Nokia & Motorola GSM phones.

    Anyone relying on those SMS headers for authentication is either stupid or malicious.

Each honest calling, each walk of life, has its own elite, its own aristocracy based on excellence of performance. -- James Bryant Conant

Working...