17 Gifts at All-Time Lows Gifts Under $30 'Forest Bubble' on Mars RSV and the Holidays MyHeritage 'AI Time Machine' Postage Stamp Price Increase Household Items on Amazon Melatonin vs. GABA
Want CNET to notify you of price drops and the latest stories?
No, thank you

iPhone has texting security flaw, says researcher

A bug that sees iPhone owners tricked into sending texts to an incorrect number has come to light.

A security loophole present in Apple's iOS operating system has come to light, and could see iPhone owners tricked into sending texts to an incorrect number.

iOS security researcher pod2g claims to have noticed the flaw, which they categorise as 'severe', noting that other security researchers are probably already aware of the glitch.

Pod2g explains that if you have a mind to, it's possible to send text messages in their raw PDU (protocol description unit) form. Within this there's a section called the UDH (user data header) which lets you edit options, including altering the reply address of the text.

This would mean that when you reply to the text, your message could end up getting sent to a different place to where it came from.

The issue appears to be in the way that the iPhone displays messages, with modified texts appearing to have come from the reply-to address. So you could be sent a message that appears to come from someone you know (pod2g uses the example of a what seems to be your bank) but were you to reply, the message would get sent elsewhere.

The security researcher says that the glitch has been present since texting first appeared on the iPhone, and is still present in the latest beta version of iOS 6. Pod2g pleads, "Apple: please fix before the final release".

Hopefully more will become known about the potential flaw soon, including whether any other smart phones could be affected. Fingers crossed Apple can offer an explanation soon, and patch up any existing security holes.

Apple's security has come under scrutiny recently, after it was revealed that it's none too tricky to hack into someone's iCloud account and wipe their devices.

How's your digital security? Are your passwords secure, and do you have two-step verification turned on for your Gmail and Facebook? Tell me in the comments or on our Facebook wall.