The ability to spoof the reply-to information on Apple iOS SMS messages is a reminder that such messages should not be considered any more secure than email when it comes to authenticating senders, experts say.
A scheme for spoofing the information was disclosed Aug. 17 on a blog dedicated to research on Apple iOS security. The issue allows attackers to disguise the sender and potentially trick whoever receives the message by modifying the SMS data header. This allows the attacker to include a different reply-to number and possibly impersonate other people or organizations.
“If you either own a smartphone, or a modem and an account in a SMS gateway, you can send texts in raw PDU format (some services also exist to send a text with an HTTP request in raw PDU format),” blogged researcher Pod2g, who disclosed the flaw last week.
“In the text payload, a section called UDH (User Data Header) is optional but defines lot(s) of advanced features not all mobiles are compatible with,” the researcher continued. “One of these options enables the user to change the reply address of the text. If the destination mobile is compatible with it and if the receiver tries to answer to the text, he will not respond to the original number, but to the specified one.” (Read More)