TECHNOLOGY

SMS Spoofing: iOS Flaw Could Hide Identity Of Text Message Sender

08/17/2012 05:48 pm ET | Updated Aug 17, 2012

If a new report is to be believed, scam artists may have another channel to trick you into revealing important information or swindle you out of your hard-earned dough.

A flaw in the iPhone software that handles text messages leaves open the possibility that a keen hacker could impersonate someone else, according to Pod2g, a French hacker who dabbles in Apple security.

That means you could theoretically receive a text message from a person you believe is a family member, and be persuaded to do any number of things, like wire money or reveal critical data like a social security or PIN number. PC Mag also points out an enterprising hacker could contact you via text from what appears to be your bank's phone number, and direct you to a spoofed website, from where they could steal your data.

Pod2g explains the flaw exists in an optional set of code at the beginning of an SMS message. The code, known as the User Data Header (UDH), can include information specifying a different "reply" number than the number it was actually sent from.

Most cell phone carriers don't keep track of that part of the SMS, which means it could be easy to manipulate. And since iPhones only display the "reply to" part of the message, Apple Insider points out iOS users have no way to double-check their response is headed to the person they thought sent the text in the first place.

In the blog, Pod2g requests Apple address this issue in the upcoming release of iOS 6, expected in mid September. The blog ends, "Now you are alerted. Never trust any SMS you received on your iPhone at first sight." Eek!

Also on HuffPost:

11 Bad Habits We Picked Up From Our iPhones
Suggest a correction
193 Comments

CONVERSATIONS