Try Sendrawpdu App From Pod2G To Break iPhone SMS Security
After the article which was published yesterday about iPhone SMS security vulnerability, which allows attackers to use an arbitrary number in the data sending SMS messages, the hacker Pod2g published new app that allows everybody to make sure that this is really true.
French hacker has published on his blog that he developed iPhone SMS security app and called it Sendrawpdu. The tool is designed for iPhone 4, and can be downloaded free of charge from the service repository Github where you can find the app.
Sendrawdpu, CLI tool, allows you to send raw SMS PDU data to iPhone 4 baseband. Update: We compiled this file and you can try to install SendRawPDU and send spoofing SMS.
Famous jailbreak developer Pod2g found in the iPhone software vulnerabilities, which can be used to deceive the owners of phones and carry out SMS phishing attacks spoofing the return address. The problem is found in all versions of the firmware for iPhone.
SMS operating system, instead of showing the number to which to send a reply message displays the address from which the message came. Just check out what Pod2g said about security exploit that he had found exploring iOS SMS security:
In the text payload, a section called UDH (User Data Header) is optional but defines lot of advanced features not all mobiles are compatible with. One of these options enables the user to change the reply address of the text. If the destination mobile is compatible with it, and if the receiver tries to answer to the text, he will not respond to the original number, but to the specified one. Most carriers don’t check this part of the message, which means one can write whatever he wants in this section : a special number like 911, or the number of somebody else.
In this connection, the attacker does not recommend the sharing of important information via the iPhone SMS. Also you can try to fix sending SMS if have that problem too.
Just use this iPhone SMS security app and you will find out out. In addition, users should not trust suspicious messages, even if they are sent from a familiar number, hacker says presenting Sendrawpdu.
You can also read about another thread – iKee b. Worn and how to clean it from your iPhone 4 iOS.
Prior to launching iOS 6 is only a few weeks. While the firmware is in beta testing, the developers have time to fix the vulnerability, thus protecting users from phishing attacks. I think that this is the first that Apple has to do. How do you think? Have you tried Sendrawpdu SMS security app?