iPhone SMS spoofing tool surfaces

After outing a vulnerability in iOS' handling of text messages, the same hacker drops a tool to exploit it.

A French hacker is playing "tell and show" with a security flaw in iOS and how the iPhone handles SMS.

Last week, "Pod2g" released details of the vulnerability, which is still present in the latest beta of iOS 6, that could make iPhones a bit more exposed to spoofed texts or phishing scams. The missive included a plea to Apple to fix the security hole before the final release of iOS 6.

Until that happens, however, the same hacker is apparently quite happy to help others exploit the fact that iOS shows the "reply-to" number of a text by default. Shortly after blogging about the vulnerability and appealing to Apple, Pod2g released a tool called "sendrawpdu" that it says provides access to an SMS header and can be used for spoofing the reply-to field -- although it doesn't explicitly encourage such a use.

At least Pod2g was kind enough to warn us before adding another tool for digital deception to the world. Seems sporting, like a 30-second head start to evade a flood of spoofed texts appearing to be from Citibank, or maybe the White House, or almost certainly -- Apple.

I've reached out to Apple multiple times for comment on the SMS security issue and not heard back. I will continue to do so and update this post when I hear anything. An Apple representative did tell Engadget that spoofed messages are one of the "limitations of SMS," and encouraged users to exercise caution when an unknown Web address pops up in a text.

 
