Although we’ve seen the lengths Apple will go to in regards to their security implementation for iOS devices, Pod2g has uncovered a major SMS security flaw for the platform.
His explanation of the the SMS flaw (via iDownloadBlog) confirms that how the iPhone handles SMS could potentially leave a security gap that could get an iOS device owner to believe the SMS is legit.
A SMS text is basically a few bytes of data exchanged between two mobile phones, with the carrier transporting the information. When the user writes a message, it’s converted to PDU (Protocol Description Unit) by the mobile and passed to the baseband for delivery.
In the text payload, a section called UDH (User Data Header) is optional but defines a lot of advanced features not all mobiles are compatible with. One of these options enables the user to change the reply address of the text. If the destination mobile is compatible with it, and if the receiver tries to answer the text, he will not respond to the original number, but to the specified one.
Pod2g stressed that the security flaw initially appeared in the original iPhone, while it also exists within the more recent iOS 6 beta 4.