pod2g exposes serious iOS SMS flaw
A flaw found in Apple's iPhone that can allow text messages to sidestep Apple's safeguard is "severe", according to an iPhone security researcher. In a blog posting, pod2g explains:
I mentioned it on twitter a few days ago, I found a flaw in iOS that I consider to be severe, while it does not involve code execution. I am pretty confident that other security researchers already know about this hole, and I fear some pirates as well.
The flaw exists since the beginning of the implementation of SMS in the iPhone, and is still there in iOS 6 beta 4. Apple: please fix before the final release. A SMS text is basically a few bytes of data exchanged between two mobile phones, with the carrier transporting the information. When the user writes a message, it is converted to PDU (Protocol Description Unit) by the mobile and passed to the baseband for delivery.
PDU is a protocol that is pretty dense, allowing different types of messages to be emitted. Some examples : SMS, Flash SMS, Voice mail alerts, EMS, ... The specification is large and pretty complex. As an example, just to code the data, there are multiple possible choices : 7bit, 8bit, UCS2 (16bit), compressed or not, ...
- Mon, 2013-05-13 12:02
- Thu, 2013-04-25 06:32
- Wed, 2013-04-17 14:38