Ever received a text from your bank on your iPhone? You may want to take a closer look and make sure it's the real deal.
A hacker who goes by the handle "pod2g" says a security flaw has made receiving texts on an iPhone insecure since the inception of iOS, and that the vulnerability still remains in the latest beta of iOS 6.
The issue lies in the header of a SMS message, which includes both the originating number of the message and a reply-to number. According to pod2G, the iPhone only displays the reply-to number and loses track of the originating number, which creates a few possible problems:
- pirates could send a message that seems to come from the bank of the receiver asking for some private information, or inviting them to go to a dedicated Web site. [phishing]
- one could send a spoofed message to your device and use it as a false evidence.
- anything you can imagine that could be utilized to manipulate people, letting them trust somebody or some organization texted them.
I've made multiple calls and sent e-mails to Apple for comment and will update this post when I hear back.
In the meantime, if you receive any texts from the Bank of Nigeria about your new account, it probably isn't really an inheritance from your late uncle who forgot to mention his existence while he was alive. Consider yourself warned.