An iOS security exploit makes SMS unreliable on the iPhone
An SMS security flaw on the iPhone has apparently been in existence since the first days of the Apple device -- way back in June 2007. According to a hacker who goes by the name "pod2g," the flaw in iOS allows manipulation of the reply-to number in an SMS.
This is a big deal because there is a chance you could receive a message from someone other than who you're seeing on your iPhone. This means you could be led to believe that you're receiving an SMS message from your bank, or a friend and the rest is up to your imagination. It's potentially dangerous.
In pod2g's blog, he or she writes:
In the text payload, a section called UDH (User Data Header) is optional but defines lot of advanced features not all mobiles are compatible with. One of these options enables the user to change the reply address of the text. If the destination mobile is compatible with it, and if the receiver tries to answer to the text, he will not respond to the original number, but to the specified one.
Most carriers don't check this part of the message, which means one can write whatever he wants in this section: a special number like 911, or the number of somebody else.
It's easy to see where an exploit like this can be abused, and the potential troubles it could cause. The hacker says that the exploit is even in iOS beta 6, and asks Apple to "please fix before the final release."
The likelihood that you'll become the victim of such an exploit seems small, but be aware that it exists so if fishy messages start coming to your phone, you'll know to think twice. And never trust text messages that come from banks or anyone else asking you for personal info. That should be common sense!