pod2g exposes serious iOS SMS flaw

A flaw found in Apple's iPhone that can allow text messages to sidestep Apple's safeguard is "severe", according to an iPhone security researcher. In a blog posting, pod2g explains:

I mentioned it on twitter a few days ago, I found a flaw in iOS that I consider to be severe, while it does not involve code execution. I am pretty confident that other security researchers already know about this hole, and I fear some pirates as well.

The flaw exists since the beginning of the implementation of SMS in the iPhone, and is still there in iOS 6 beta 4. Apple: please fix before the final release. A SMS text is basically a few bytes of data exchanged between two mobile phones, with the carrier transporting the information. When the user writes a message, it is converted to PDU (Protocol Description Unit)  by the mobile and passed to the baseband for delivery.

PDU is a protocol that is pretty dense, allowing different types of messages to be emitted. Some examples : SMS, Flash SMS, Voice mail alerts, EMS,  ... The specification is large and pretty complex. As an example, just to code the data, there are multiple possible choices : 7bit, 8bit, UCS2 (16bit), compressed or not, ...