Lookout iPhone SMS Users
Apple is getting exposed with a jailbreaker claiming an SMS vulnerability. Apple’s iOS reads key SMS data which allows scammers to break in and access sensitive information from iPhone users. This breach allows the hacker to change the reply to a number in an SMS text, so the user could be easily duped into thinking they are receiving a text from a trusted source, when it is actually someone on the other end trying to gain your sensitive information.
IT departments with BYOD (Bring your own devices) policies should notify and caution their users of this potential scam. The main issue is that there is no way to track the hacker conducting the scam, since there isn’t a way to verify the sender.
The jailbreaker, who goes by the handle Pod2g, has identified this scam in a blog entry. His post titled, “Never trust SMS: iOS text spoofing,” explains, “In the text payload, a section called UDH (User Data Header) is optional but defines lot of advanced features not all mobiles are compatible with. One of these options enables the user to change the reply address of the text. […] In a good implementation of this, the receiver would see [both] the original phone number and the reply-to one. On iPhone, when you see the message, it seems to come from the reply-to number, and you lose track of the origin.”
Pod2g intends to release his own tool showing proof of this breach’s existence,which he claims has been around since the original iPhone. Apple is urged to take action and fix this issue soon. These attacks can easily dupe users into clicking on bad links that can potentially contain malware and viruses, that can easily steal personal information from your phone. In recent attacks, hackers have been able to obtain banking and personal information from users which has resulted in their personal identification becoming comprised from their online accounts.
Talk to your IT department about protecting your information and finding the right resources to protect your smartphone or mobile device. Malware attacks from hackers are at its peak levels this year already. Don’t be duped!