Information Security News mailing list archives
Don't Trust That Text Message: Tool Simplifies iOS SMS-Spoofing
From: InfoSec News <alerts () infosecnews org>
Date: Tue, 21 Aug 2012 04:04:16 -0500 (CDT)
http://www.darkreading.com/mobile-security/167901113/security/vulnerabilities/240005872/don-t-trust-that-text-message-tool-simplifies-ios-sms-spoofing.html By Kelly Jackson Higgins Dark Reading Aug 20, 2012A French researcher has unleashed a free tool that exploits a weakness he recently highlighted in the SMS feature of Apple's iOS that could allow an attacker to spoof the sender of a text message.
The new tool, created by researcher pod2g, basically lets an attacker send a text message that appears to be from someone you know or trust -- such as your bank.
But the vulnerability isn't in the smartphone itself, says Errata Security CTO David Maynor; rather, it's in the network transporting the SMS messages. And there are already services available, such as SMSGang's Spoof SMS Service, that provide spoofing, Maynor says. The new tool just automates SMS-spoofing, he says.
"It's a network problem," Maynor says of the issue. Even so, phone manufacturers could add some protections for this attack that help prevent malicious activity at the User Data Header (UDH) used in SMS, he says.
[...]
Current thread:
- Don't Trust That Text Message: Tool Simplifies iOS SMS-Spoofing InfoSec News (Aug 21)