http://www.darkreading.com/mobile-security/167901113/security/vulnerabilities/240005872/don-t-trust-that-text-message-tool-simplifies-ios-sms-spoofing.html
By Kelly Jackson Higgins
Dark Reading
Aug 20, 2012
A French researcher has unleashed a free tool that exploits a weakness
he recently highlighted in the SMS feature of Apple's iOS that could
allow an attacker to spoof the sender of a text message.
The new tool, created by researcher pod2g, basically lets an attacker
send a text message that appears to be from someone you know or trust --
such as your bank.
But the vulnerability isn't in the smartphone itself, says Errata
Security CTO David Maynor; rather, it's in the network transporting the
SMS messages. And there are already services available, such as
SMSGang's Spoof SMS Service, that provide spoofing, Maynor says. The new
tool just automates SMS-spoofing, he says.
"It's a network problem," Maynor says of the issue. Even so, phone
manufacturers could add some protections for this attack that help
prevent malicious activity at the User Data Header (UDH) used in SMS, he
says.
[...]
