A jailbreaker by the name of “Pod2g” has reportedly discovered a vulnerability in iOS that enables hackers and other general bullies to change the reply-to number in an SMS. You might think you’re getting a text from a trusted source, but it would actually be someone else entirely.
Using some simple trickery, a hacker could alter the number a text looks like it’s coming from a different source, like your bank. Or worse — your mother. Pod2g explains:
In the text payload, a section called UDH (User Data Header) is optional but defines lot of advanced features not all mobiles are compatible with. One of these options enables the user to change the reply address of the text. If the destination mobile is compatible with it, and if the receiver tries to answer to the text, he will not respond to the original number, but to the specified one.
Most carriers don’t check this part of the message, which means one can write whatever he wants in this section: a special number like [emergency services], or the number of somebody else.
Pod2g said it’s not a flaw that’s exclusive to iOS 6. In fact, it’s been a problem since the iPhone first came out five years ago. The takeaway here is that you should be sceptical of any texts asking for private info. mum, why are you asking me for my social security number? Because I’m a hacker, that’s why! [Pod2g via BGR]