'Hocus Pocus 2' Review Wi-Fi 6 Router With Built-In VPN Sleep Trackers Capital One Claim Deadline Watch Tesla AI Day Student Loan Forgiveness Best Meal Delivery Services Vitamins for Flu Season
Want CNET to notify you of price drops and the latest stories?
No, thank you

iPhone SMS spoofing tool surfaces

After outing a vulnerability in iOS' handling of text messages, the same hacker drops a tool to exploit it.

Fake sandwich orders could be just the beginning... CNET

A French hacker is playing "tell and show" with a security flaw in iOS and how the iPhone handles SMS.

Last week, "Pod2g" released details of the vulnerability, which is still present in the latest beta of iOS 6, that could make iPhones a bit more exposed to spoofed texts or phishing scams. The missive included a plea to Apple to fix the security hole before the final release of iOS 6.

Until that happens, however, the same hacker is apparently quite happy to help others exploit the fact that iOS shows the "reply-to" number of a text by default. Shortly after blogging about the vulnerability and appealing to Apple, Pod2g released a tool called "sendrawpdu" that it says provides access to an SMS header and can be used for spoofing the reply-to field -- although it doesn't explicitly encourage such a use.

At least Pod2g was kind enough to warn us before adding another tool for digital deception to the world. Seems sporting, like a 30-second headstart to evade a flood of spoofed texts appearing to be from Citibank, or maybe the White House, or almost certainly -- Apple.

I've reached out to Apple multiple times for comment on the SMS security issue and not heard back. I will continue to do so and update this post when I hear anything. An Apple representative did tell Engadget that spoofed messages are one of the "limitations of SMS," and encouraged users to exercise caution when an unknown Web address pops up in a text.