Tuesday, August 21, 2012

What You Should Know About the iPhone SMS Spoof Attack

SMS text messaging is certainly not exclusive to Apple or its iconic iPhone smartphone. But, apparently there is something unique about the way Apple delivers SMS messages that makes the iPhone particularly vulnerable to spoofing or smishing (SMS phishing) attacks.


iOS security researcher wrote a blog post detailing the discovery. When an SMS text message is sent, part of the header information contains the actual number the message originated from. However, there is also an optional header called the UDH (User Data Header) which allows for a different Reply To address to be entered.
Some mobile platforms display both the actual originating number and the information from the Reply To field, hopefully raising some red flags for the recipient if the two are different. Apple’s iOS only displays--and responds to--the address specified in the Reply To field.
Why is that a problem? Well, if an attacker knows the phone number of your financial institution, or your Mom, or your boss, he (or she) could send a text message to your iPhone that appears to originate from that number. On an iPhone, the SMS text message would seem to be from a legitimate source, and you’d be much more likely to respond, or comply with requests for sensitive information you normally wouldn’t share.
More here: http://www.pcworld.com/article/261118/what_you_should_know_about_the_iphone_sms_spoof_attack.html

1 comment:

Gainesville sms marketing said...

Great way to promote products and services is through sms marketing.

Gainesville sms marketing