Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Researcher Finds iPhone Bug Allows SMS Spoofing

Trailrunner7 (1100399) writes | more than 2 years ago

Iphone 0

Trailrunner7 (1100399) writes "The iPhone SMS app contains a quirky bug that could allow someone to send a user a text message that appears to come from any number that the sender specifies. The researcher who discovered the bug said that it could be used by attackers to spoof messages from a bank or credit card company and send the victim to a target site controlled by the attacker.

The issue lies in the way that Apple iOS implements a section of the SMS message called User Data Header (UDH), which has a number of options, one of which allows the user to change the phone number that the text message appears to come from.

So for example, an attacker could send a text message to a victim, impersonating the victim's bank and then directing the victim to a phishing site. The advent of mobile banking apps, some of which use SMS messages for out-of-band authentication, makes this kind of attack vector perhaps more worrisome and useful for attackers than it would seem at first blush."

Link to Original Source

Sorry! There are no comments related to the filter you selected.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?