Beware of Spoofed SMS on Your iPhone

There is a serious safety issue with iPhones, which enables “text spoofing.” It is a threat to users’ confidentiality and both virtual and physical safety. While it can be used legitimately, there are a lot of people and companies who would send illegitimate spoofed SMS.

Every mobile user has an experience of SMS spoofing. It can be pretty harmless when you see a name of some trusted company instead of the number: it is much easier to process and filter information in such a way. Still, there are people who use this technology for changing the original number to some other number (but not the name), and, thus, misleading people. In a safe system on one’s smartphone, a receiver will have a feature of seeing an original sender’s number and a changed one (which is seen as a reply-to number), but on the iPhone, people can only see the number for replying, which poses a threat.

SMS-Spoofing

SMS-spoofing is a possibility to send messages with a changed reply-to number, so that a receiver can only send the message back to a completely different number from the one of the original sender. In other words, you may receive a text message with a number of your best friend, for example, with a link to some website, but your friend somehow doesn’t know anything about this. Because you trust, say, your friend, you are more likely to visit the website you’ve been texted about, without having any doubts regarding its safety. There are a lot of examples of spoofed SMS, but the principle is always the same.

When any message is being sent, information within it is converted to the so-called PDU, which stands for Protocol Description Unit. It enables transmission of different types of messages, including SMS, Voice Mail notifications, Flash SMS, etc. Having an account in SMS gateway, combined with smartphone or modem ownership, allow users send text messages in raw PDU format. There are several tools that make the process much easier.

When someone uses one of those text messaging programs for sending messages, he or she can change a reply number in the User Data Header section of the text payload. The result is that a reply-to number is different from the sender’s one, and only the former is displayed on your iPhone, which can seriously mislead many users, the victims of spoofing, or even use the method as a way of forging evidence. It doesn’t really need to be this complicated: it can be enough to install a jailbreak app called SpoofTexting, and that’s it!

The Solution.

Apple, after being notified about the problem with spoof-texting, suggested that all iPhone users try to be careful and rather not trust SMS services of their network carriers, but use their iMessage instead. Indeed, for sending a text message iMessage can be a nice substitute for the usual SMS. The thing is that Apple’s service verifies the addresses, while this doesn’t work with carriers all the time.

While it is not very easy to refuse from the SMS for the sake of potential safety, Apple also offer their users not to trust any suspicious content which comes within the text messages. They also state that the problem is not of theirs alone, and that spoofing is very common among the smartphones. So, why we are waiting for Apple to take any actions on improving safety in their final version of iOS 6, let us try to pay attention to what we receive and what we trust.

While such issues as spoofing are always there, there is a team of people who ensure security at Apple. Might be, they will address the current issue in the final version of the new iOS as well.