Apple iPhone SMS Spoofing Bug Warning
August 20, 2012
The IPhone/IPad Short Message Service (SMS) application (app) has a bug that scammers and hackers could exploit. The bug allows the sending of a text message to someone and changing the phone number the message is being sent from to another. For example, someone could send a text message from 555-555-5500 and change this number to let it appear as if it came from 555-555-5555.
Please continue reading below.
Short Message Service (SMS) is a text messaging service that is used by mobile devices (usually cellphones) to exchange short text messages between each other.
What causes this exploit is how Apple iOS implements User Data Header (UDH) of the text messaging service, which allows the phone number the text is suppose to be sent from, to be changed to another number.
A scammer can use this exploit to send a message to his victim with a link to a phishing (malicious) website and change the telephone number the text is being sent from, to the victim's bank or other trusted institutions telephone number.
Phishing is an attempt to acquire information such as usernames, passwords, credit card and personal information by impersonating legitimate websites.
The victim will click on the link not knowning it goes to a malicious website and trusting it is safe because the text message appeared to have came from their bank or another trusted institution.
After clicking on the malicious link, the victim maybe taken to the phishing website and ask to enter their username, password, credit card and personal information. If the victim enters his/her information, it will be sent to the scammers behind this exploit which will be use to defraud the victim.
This technique of changing the phone number that a text message is being sent from, is called SMS spoofing. Your computer's IP address, cellphone number and email address can also be spoofed.
Please be careful when clicking on links in a text or e-mail message. Ensure that your address bar has the correct website address.
For example, if you are asked to login to your hotmail account, ensure that the address bar has the address live.com and no other addresses.
Please share with us what you know or ask a question about this article, by leaving a comment below. And, forward malicious email messages to us using the following email address: email@example.com .
Alert and help your family and friends by sharing this article with them: