Never trust any SMS

Posted on August 18, 2012


A French hacker and Apple iOS Security Researcher Pod2g yesterday announced a flaw he discovered in Apples iPhone OS.

The iPhone software that handles text messages leaves open the possibility that a “keen hacker” or “419er” could impersonate someone else, this allows for the inclusion of a header in an SMS message. Are our 419ers that intelligent?

Could this be what we have been experiencing in Nigeria since the Advent of [SMS Marketing], SMS gateways and the free and unregulated sales of “Bulk SMS” to nefarious entities?

I have received SMS’s purportedly from MTN’s 180 or some other Short Codes, ID’s either to demand payment for items they claim you have won or point you to a website to complete the “claims” process [phishing] so as to trick you into revealing important and private information or swindle you.

How can you win, when you never participated in a contest? “Greed is what gets you caught” and why would the scammer fail to take out the amount they want you to pay and remit what is left to you?

Pod2g explains the flaw exists in an optional set of code at the beginning of an SMS message. The code, known as the User Data Header (UDH), can include information specifying a different “reply” number than the number it was actually sent from.

Most carriers don’t keep track of that part of the SMS, which means it could be easy to manipulate. And since iPhones only display the “reply to” part of the message, Apple Insider points out iOS users have no way to double-check their response is headed to the person they thought sent the text in the first place.

Does MTN, GLO, Etisalat or Airtel even bother about such a thing? How have they helped in the reduction of such activities, is it possible that they can help? and on second thought, do we need to regulate providers of “Bulk SMS” services?

Someone could send a spoofed message to your device and use it as a false evidence. Anything you can imagine that could be utilized to manipulate people, letting them trust somebody or some organization texted them.

Never trust any SMS you receive on your iPhone or any other device.

Posted in: Uncategorized