iPhone SMS spoofing tool released

Powered by SC Magazine
 

Apple warns users to stay off SMS.

A French hacker has released a tool capable of sending SMSes with spoofed sender details on the iPhone 4.

The sendrawpdu command line interface tool allows users to customise the reply number on SMSes and could be ideal for phishing attacks.

The hacker, known as pod2g, released the free tool after detailing a flaw in the way the iPhone handled SMSes which made it possible to spoof sender details.

“Pirates could send a message that seems to come from the bank of the receiver asking for some private information, or inviting them to go to a dedicated [phishing] website,” pod2g said in a blog.

The vulnerability existed on other mobile devices and all versions of Apple’s iOS platform including the upcoming iOS 6, according to pod2g.

“If the destination mobile is compatible with (User Data Header features), and if the receiver tries to answer the text, he will not respond to the original number, but to the specified one,” pod2g wrote.

“Most carriers don't check this part of the message, which means one can write whatever he wants in this section.

“In a good implementation of this feature, the receiver would see the original phone number and the reply-to one. On iPhone, when you see the message, it seems to come from the reply-to number, and you lose track of the origin.”
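The receiver-side behaviour pod2g calls a good implementation can be sketched as follows. This is an added example, not code from the article, pod2g or Apple: it reads an SMS-DELIVER TPDU (SMSC prefix already removed, numeric addresses only), returns both the originating address and any User Data Header reply address, and flags a mismatch. The function names, phone numbers and sample PDUs are constructed for illustration; the Reply Address Element identifier 0x22 is the one defined in 3GPP TS 23.040.

```python
REPLY_ADDRESS_IEI = 0x22  # "Reply Address Element" in 3GPP TS 23.040

def decode_address(buf, pos):
    """Decode a numeric TS 23.040 address field; return (number, next_pos)."""
    ndigits, toa = buf[pos], buf[pos + 1]
    nbytes = (ndigits + 1) // 2
    raw = buf[pos + 2:pos + 2 + nbytes]
    if len(raw) < nbytes:
        raise ValueError("truncated address field")
    # Semi-octets are stored low nibble first; a trailing 0xF is padding.
    digits = "".join(f"{b & 0x0F:x}{b >> 4:x}" for b in raw)[:ndigits]
    prefix = "+" if (toa >> 4) & 0x7 == 1 else ""  # 1 = international number
    return prefix + digits, pos + 2 + nbytes

def inspect_deliver(tpdu_hex):
    """Hypothetical helper: report the origin and any UDH reply address."""
    buf = bytes.fromhex(tpdu_hex)
    try:
        first = buf[0]
        if first & 0x03:
            raise ValueError("not an SMS-DELIVER TPDU")
        origin, pos = decode_address(buf, 1)   # TP-OA, the sender's number
        pos += 2 + 7 + 1  # skip TP-PID, TP-DCS, TP-SCTS, TP-UDL
        reply_to = None
        if first & 0x40:  # TP-UDHI: user data starts with a header
            end = pos + 1 + buf[pos]  # UDHL counts the octets after itself
            pos += 1
            while pos + 2 <= end:
                iei, iedl = buf[pos], buf[pos + 1]
                if iei == REPLY_ADDRESS_IEI:
                    reply_to, _ = decode_address(buf, pos + 2)
                pos += 2 + iedl
    except IndexError:
        raise ValueError("truncated TPDU") from None
    return {"origin": origin, "reply_to": reply_to,
            "mismatch": reply_to is not None and reply_to != origin}

# Constructed samples (fictional numbers, 8-bit payload "hi"):
# first octet, TP-OA, PID, DCS, timestamp, UDL, then UDH and/or text.
WITH_REPLY = ("44" "0B915155100000F1" "00" "04" "21807141000000" "0D"
              "0A" "22" "08" "0B915155100099F9" "6869")
PLAIN = "04" "0B915155100000F1" "00" "04" "21807141000000" "02" "6869"

if __name__ == "__main__":
    for name, pdu in (("with reply address", WITH_REPLY), ("plain", PLAIN)):
        print(name, inspect_deliver(pdu))
```

A messaging client or SMS gateway log pipeline can use the `mismatch` flag to show both numbers or to raise an alert instead of silently displaying the reply address.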

Apple urged customers to use its iMessage service because it verified the address from which messages were sent, unlike its SMS app which displayed the vulnerable reply-to address.

iMessages were only available between iOS and OS X devices.

“When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attack,” Apple said in a statement.

“One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they're directed to an unknown website or address over SMS.”

Website SMSspoofing.com pointed out that dozens of paid SMS spoofing services exist online, and said Australia and Europe were “two of the easiest places to spoof SMS messages to”.

Sendrawpdu was based on sendmodem and could be downloaded for jailbroken iPhone 4 devices from GitHub.

Copyright © SC Magazine, Australia

