Click to Skip Ad
Closing in...

Major iPhone security flaw uncovered by hacker

A major security flaw that has existed in Apple’s (AAPL) iPhone since the device was first released in 2007 has been revealed by a well-known hacker. The iOS security researcher, known publicly only as “pod2g,” on Friday published details about the vulnerability, which affects all versions of iOS through to the latest beta release of iOS 6.

According to pod2g’s report, the reply-to number that is displayed when an iPhone user views an SMS can easily be manipulated to display a number other than the one sending the message. Using a simple procedure, this exploit can be used by malicious attackers to send messages that appear to be from a trusted source — a bank, perhaps — but any replies to the SMS would be routed to a separate phone number without the sender’s knowledge.

Pod2g notes that the iPhone is not the only handset vulnerable to the flaw.

“In the text payload, a section called UDH (User Data Header) is optional but defines lot of advanced features not all mobiles are compatible with,” he explained. “One of these options enables the user to change the reply address of the text. If the destination mobile is compatible with it, and if the receiver tries to answer to the text, he will not respond to the original number, but to the specified one.”

The researcher says this security flaw is severe and he urges users to be wary of any SMS messages asking for sensitive information.

Zach Epstein

Zach Epstein has been the Executive Editor at BGR for more than 10 years. He manages BGR’s editorial team and ensures that best practices are adhered to. He also oversees the Ecommerce team and directs the daily flow of all content.

Zach first joined BGR in 2007 as a Staff Writer covering business, technology, and entertainment. His work has been quoted by countless top news organizations, and he was recently named one of the world's top 10 “power mobile influencers” by Forbes. Prior to BGR, Zach worked as an executive in marketing and business development with two private telcos.