Although we’ve seen the lengths Apple will go to with regard to its security implementation for iOS devices, Pod2g has uncovered a major SMS security flaw in the platform.
An SMS text is basically a few bytes of data exchanged between two mobile phones, with the carrier transporting the information. When the user writes a message, the mobile converts it to a PDU (Protocol Description Unit) and passes it to the baseband for delivery.
In the text payload, a section called the UDH (User Data Header) is optional but defines a lot of advanced features that not all mobiles are compatible with. One of these options lets the sender change the reply address of the text. If the destination mobile is compatible with it and the receiver tries to answer the text, the answer goes not to the original number but to the specified one.
Pod2g stressed that the security flaw initially appeared in the original iPhone, while it also exists within the more recent iOS 6 beta 4.
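To make the UDH reply-address option described above concrete from the receiving side, here is an added example (not code from Pod2g or from this article) that parses an SMS-DELIVER PDU and reports when the header's reply address differs from the originating number. It assumes the field layout of 3GPP TS 23.040 and that the reply-address element uses identifier 0x22; the function names and the sample PDUs, including the phone numbers, are constructed for illustration.

```python
# Added example (not from the article). Field layout per 3GPP TS 23.040.
REPLY_ADDRESS_IEI = 0x22  # assumption: TS 23.040 "Reply Address Element"

def decode_address(buf, pos=0):
    """Decode a numeric address field: digit count, type octet, swapped BCD."""
    if pos + 2 > len(buf):
        raise ValueError("truncated address field")
    ndigits, toa = buf[pos], buf[pos + 1]
    end = pos + 2 + (ndigits + 1) // 2
    if end > len(buf):
        raise ValueError("truncated address digits")
    digits = "".join(f"{b & 0x0F:x}{b >> 4:x}" for b in buf[pos + 2:end])
    prefix = "+" if (toa & 0x70) == 0x10 else ""   # international number
    return prefix + digits[:ndigits], end

def inspect_deliver(tpdu):
    """Return sender, UDH reply address (if any) and whether they differ."""
    if len(tpdu) < 3 or tpdu[0] & 0x03:
        raise ValueError("not an SMS-DELIVER TPDU")
    sender, pos = decode_address(tpdu, 1)
    pos += 2 + 7                      # skip TP-PID, TP-DCS, TP-SCTS
    if pos >= len(tpdu):
        raise ValueError("truncated TPDU")
    user_data = tpdu[pos + 1:]        # tpdu[pos] is TP-UDL
    reply_to = None
    if tpdu[0] & 0x40 and user_data:  # TP-UDHI set: user data starts with a UDH
        header = user_data[1:1 + user_data[0]]
        if len(header) < user_data[0]:
            raise ValueError("truncated UDH")
        i = 0
        while i + 2 <= len(header):   # walk the IEI / length / data triples
            iei, iedl = header[i], header[i + 1]
            data = header[i + 2:i + 2 + iedl]
            if len(data) < iedl:
                raise ValueError("truncated information element")
            if iei == REPLY_ADDRESS_IEI:
                reply_to, _ = decode_address(data)
            i += 2 + iedl
    return {"sender": sender, "reply_to": reply_to,
            "mismatch": reply_to is not None and reply_to != sender}

# Constructed sample TPDUs (no SMSC prefix); the numbers are made up.
PLAIN = bytes.fromhex("04 08 91 51 55 10 00 00 04 21 80 71 21 00 00 00 02 68 69")
WITH_REPLY = bytes.fromhex(
    "44 08 91 51 55 10 00 00 04 21 80 71 21 00 00 00"
    " 0B 08 22 06 08 91 51 55 10 99 68 69")

if __name__ == "__main__":
    for name, pdu in (("plain", PLAIN), ("with reply address", WITH_REPLY)):
        print(name, inspect_deliver(pdu))
```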