Security researcher Pod2g has discovered a major security flaw in iOS that allows malicious texters to spoof SMS messages so that they appear to come from another person’s mobile phone, potentially getting users to reveal information they normally would not, or to rack up inadvertent charges on their bill.
Pod2g outlines some scenarios where this might be dangerous:
“● pirates could send a message that seems to come from the bank of the receiver asking for some private information, or inviting them to go to a dedicated website. [Phishing]
● one could send a spoofed message to your device and use it as false evidence.
● anything you can imagine that could be utilized to manipulate people, letting them trust somebody or some organization texted them.
As a final warning, it’s suggested that you never trust an SMS received on your iPhone at first sight, at least until Apple fixes the problem.”
The flaw involves a set of optional header fields that travel with the message body and carry additional information that not all smartphones support. One of the options allows the sender to change the number that the message appears to be sent from and the number the receiver would reply to. “In a good implementation of this, the receiver would see [both] the original phone number and the reply-to one,” the researcher writes. “On iPhone, when you see the message, it seems to come from the reply-to number, and you lose track of the origin.”
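A receiver-side check along the lines the researcher describes, as an added example that is not code from the article or from Pod2g: it parses a received SMS-DELIVER PDU and reports both the originating number and any reply-to number. The field names (the TP-UDHI flag, the user data header, and the Reply Address Element with identifier 0x22 from 3GPP TS 23.040) are not named in the article; the sample PDUs and phone numbers are constructed, and the sketch assumes numeric addresses and a PDU without the SMSC prefix.

```python
REPLY_ADDRESS_IEI = 0x22  # "Reply Address Element" in 3GPP TS 23.040

# Constructed sample TPDUs (no SMSC prefix); all numbers are made up.
SAMPLE_WITH_REPLY = ("44" "0B915155550521F3" "0008" "21807121000000"
                     "0F" "0A22080B915155550591F9" "00680069")
SAMPLE_PLAIN = "04" "0B915155550521F3" "0008" "21807121000000" "04" "00680069"

def decode_address(buf, pos):
    """Decode an address field: digit count, type-of-address, swapped BCD digits."""
    ndigits = buf[pos]
    nbytes = (ndigits + 1) // 2
    toa = buf[pos + 1]
    raw = buf[pos + 2:pos + 2 + nbytes]
    # Each octet holds two digits, low nibble first; a trailing F is padding.
    digits = "".join(f"{b & 0x0F:X}{b >> 4:X}" for b in raw)[:ndigits]
    prefix = "+" if (toa & 0x70) == 0x10 else ""  # international number
    return prefix + digits, pos + 2 + nbytes

def inspect_deliver(pdu_hex):
    """Return (origin, reply_to); reply_to is None when no reply address is present."""
    buf = bytes.fromhex(pdu_hex)
    first = buf[0]
    if first & 0x03 != 0x00:
        raise ValueError("not an SMS-DELIVER TPDU")
    origin, pos = decode_address(buf, 1)
    pos += 2 + 7   # skip TP-PID, TP-DCS and the 7-octet timestamp
    pos += 1       # skip TP-UDL (user data length)
    reply_to = None
    if first & 0x40:  # TP-UDHI set: user data begins with a header
        end = pos + 1 + buf[pos]
        pos += 1
        while pos + 2 <= end:  # walk the information elements
            iei, ielen = buf[pos], buf[pos + 1]
            if iei == REPLY_ADDRESS_IEI:
                reply_to, _ = decode_address(buf, pos + 2)
            pos += 2 + ielen
    return origin, reply_to

def render_sender(pdu_hex):
    """Show the true origin, and the reply-to number alongside it when they differ."""
    origin, reply_to = inspect_deliver(pdu_hex)
    if reply_to and reply_to != origin:
        return f"{origin} (replies go to {reply_to})"
    return origin
```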