• Home
  • Apple News
  • Jailbreak News
  • Android News
  • Wallpapers
  • Deals

iJailbreak | Jailbreak And iOS News

iJailbreak is an online resource for jailbreak and unlock iPhone, iPad, iPod Touch, Apple TV and iOS news.

  • How To Jailbreak
    • Cydia Installer: Everything You Need To Know
    • What Is Jailbreaking? Why Should I Jailbreak?
    • Untethered vs Tethered vs SemiTethered Jailbreak
  • Jailbreak Software Tools
    • PP Jailbreak
    • TaiG
    • Pangu
    • Evasi0n (Evasi0n7)
    • Absinthe
    • JailbreakMe.com
    • RedSn0w
    • GreenPois0n
    • Sn0wBreeze
    • PwnageTool
    • LimeRa1n
    • Spirit
    • BlackRa1n
    • Seas0nPass
    • Developers
  • How To Unlock
  • How To Downgrade
    • How To Save SHSH Blobs
    • TinyUmbrella
    • iFaith
    • F0recast
  • Cydia Tweaks
    • Top / Best Cydia Tweaks
    • Best Cydia Sources
    • Siri Cydia Tweaks, Hacks, Mods
    • Spire Proxy Host List
  • How To Root
    • Top / Best Custom ROMs
  • Downloads

Pod2G Discovers A Severe iOS SMS Flaw “Never Trust Any SMS You Received On Your iPhone At First Sight”

August 17, 2012 by Jaden Easton-Ellett 2 Comments

Hacker Pod2G developed the first iOS 5.01 Untethered Jailbreak and more recently has been known for being one of the head figures behind the iOS 5.1.1 Untethered Jailbreak. Today Pod2G has taken to his blog to alert the community to a flaw he found in iOS that he considers to be extremely severe.

Pod2G iOS SMS Flaw

Apparently this flaw has existed since the beginning of the implementation of SMS in the iPhone and even in the latest iOS 6 beta 4 firmware it is still present. What is this flaw? Well, before you can truly understand this flaw you need a little background information on how an SMS text works.

A SMS text is basically a few bytes of data exchanged between two mobile phones, with the carrier transporting the information. When the user writes a message, it is converted to PDU (Protocol Description Unit)  by the mobile and passed to the baseband for delivery.

Essentially when you are composing or replying to an SMS message it needs to be converted to a format that the baseband can send to the receiving phone. The problem is, if you own either a smartphone or modem and an account in a SMS gateway you can send text messages in raw PDU that will allow you to spoof who the message was sent from.

In the text payload, a section called UDH (User Data Header) is optional but defines lot of advanced features not all mobiles are compatible with. One of these options enables the user to change the reply address of the text. If the destination mobile is compatible with it, and if the receiver tries to answer to the text, he will not respond to the original number, but to the specified one.

As Pod2G has outlined this could be a very bad flaw that pirates could use to their advantage to try to steal sensitive information from you. It also means people could be easily manipulated, thinking they are replying to someone or something that in reality they are not.

  • pirates could send a message that seems to come from the bank of the receiver asking for some private information, or inviting them to go to a dedicated website. [Phishing]
  • one could send a spoofed message to your device and use it as a false evidence.
  • anything you can imagine that could be utilized to manipulate people, letting them trust somebody or some organization texted them.

Now that you are aware of this flaw in iOS, always ensure you double check to see the number you are replying to. As you never know if you could be victim to this severe SMS flaw.

Comments

  1. Joseph Seals says

    August 17, 2012 at 3:45 pm

    why the hell would you, text your info to a bank. that is just stupid

  2. Jaden says

    August 17, 2012 at 4:33 pm

    You would be surprised what some people would do my friend… I have heard worse horror stories of people’s idiocy.

Leave a Reply

Your email address will not be published. Required fields are marked *

Read Our Most Recent Articles

Untethered iOS 12 Jailbreak Demoed by Ali Security
Untethered iOS 12 Jailbreak Demoed by Ali Security
iOS 12 Now Available for Download: Compatible Devices
iOS 12 Now Available for Download: Compatible Devices
iPhone X Discontinued, iPhone 8 and iPhone 7 Prices Slashed
iPhone X Discontinued, iPhone 8 and iPhone 7 Prices Slashed
Apple iPhone Xs, iPhone Xs Max, and iPhone Xr Announced
Apple iPhone Xs, iPhone Xs Max, and iPhone Xr Announced
Apple Watch Series 4 Announced With Larger Display, Louder Speaker, and More
Apple Watch Series 4 Announced With Larger Display, Louder Speaker, and More

Follow Our How To Guides

Want To Jailbreak Your Windows Phone, Now You Can! [ChevronWP7]
Want To Jailbreak Your Windows Phone, Now You Can! [ChevronWP7]
How To Add Custom Fonts To iOS Without Jailbreaking
How To Add Custom Fonts To iOS Without Jailbreaking
Learn How To Install The Icy Installer on your iDevice! [iOS4 Compatible]
Learn How To Install The Icy Installer on your iDevice! [iOS4 Compatible]
How To Downgrade From iOS 7.1 Beta To iOS 7.0.4
How To Downgrade From iOS 7.1 Beta To iOS 7.0.4
How To: Troubleshoot Mobile Substrate Cydia Tweaks With SBSettings On iPhone, iPad, iPod Touch
How To: Troubleshoot Mobile Substrate Cydia Tweaks With SBSettings On iPhone, iPad, iPod Touch
About | Contact | Advertise | RSS Feed | Sitemap | TOS | Privacy Policy

© Copyright 2010 - 2021 iJailbreak. All Rights Reserved.