Apple iPhone SMS Spoofing Bug Warning

Short Message Service (SMS) is a text messaging service that is used by mobile devices (usually cellphones) to exchange short text messages between each other.

What causes this exploit is how Apple iOS implements User Data Header (UDH) of the text messaging service, which allows the phone number the text is suppose to be sent from, to be changed to another number.

A scammer can use this exploit to send a message to his victim with a link to a phishing (malicious) website and change the telephone number the text is being sent from, to the victim's bank or other trusted institutions telephone number.

Phishing is an attempt to acquire information such as usernames, passwords, credit card and personal information by impersonating legitimate websites.

The victim will click on the link not knowning it goes to a malicious website and trusting it is safe because the text message appeared to have came from their bank or another trusted institution.

After clicking on the malicious link, the victim maybe taken to the phishing website and ask to enter their username, password, credit card and personal information. If the victim enters his/her information, it will be sent to the scammers behind this exploit which will be use to defraud the victim.

This technique of changing the phone number that a text message is being sent from, is called SMS spoofing. Your computer's IP address, cellphone number and email address can also be spoofed.

Please be careful when clicking on links in a text or e-mail message. Ensure that your address bar has the correct website address.

For example, if you are asked to login to your hotmail account, ensure that the address bar has the address live.com and no other addresses.