Pod2g is a famous hacker who has done wonders in the field of jailbreaking, and people all over the world follow him for his achievements. His most recent success was the untethered jailbreak of iOS 5.1.1 with the Absinthe tool. He was the key hacker who found exploits in iOS 5.1.1 and made the jailbreak possible, with input from the Chronic Dev Team. This work by the hacking community helped a large number of people who were anxiously waiting to jailbreak their iPhone, iPad or iPod Touch. But setting aside the positive side of what Pod2g has explored for us, there are also some negative aspects that he wants users and Apple to focus on. The other side of the picture is that hacking is dangerous: anyone who can find breaches in Apple’s security can also find the same loopholes in your personal devices. Don’t be afraid, as he is not on the negative side; he has simply highlighted the issue for users’ awareness.
Now, through sheer hard work, he has found what he believes is a “severe” flaw in iOS that allows spoofing of SMS messages. He strongly believes that all hackers involved in finding security breaches in Apple’s operating system must already know about this flaw. When you reply to an SMS message, it is converted into a format that the baseband can send to the receiving phone. If you have either a smartphone or a modem and an account with an SMS gateway, you can send text messages in raw PDU format, which allows you to spoof who the message was sent from. The User Data Header of the message allows the sender to change various things, such as the reply path of the message. This means a person could hit reply on a malicious text that appears to come from a known sender, while the reply path has been altered behind the scenes so that the reply goes to an address the user does not know.
An SMS text is basically a few bytes of data exchanged between two mobile phones, with the carrier transporting the information. When the user writes a message, it is converted to PDU (Protocol Description Unit) by the mobile and passed to the baseband for delivery.
Pod2g said that he is going to release a tool he developed for the iPhone 4 that will allow users to send messages in raw PDU format, ensuring security for the time being until Apple officially releases a patch. However, it is concerning that this SMS flaw has been there since the beginning of SMS and still exists in the latest beta of iOS 6.
The flaw could be abused in several ways:
- pirates could send a message that seems to come from the receiver's bank, asking for private information or inviting them to visit a dedicated website. [Phishing]
- one could send a spoofed message to your device and use it as false evidence.
- anything you can imagine that could be used to manipulate people by letting them trust that somebody or some organization texted them.