Don’t trust that text: How the iPhone SMS spoof works

Sample iPhone text scam

Late Friday, a blog focused on iOS security research claimed to have found a severe security flaw in iOS. It’s not a way to install malware or otherwise run destructive code, but it is an effective way to create fraudulent text messages that could be used in phishing schemes. While any phone that uses SMS text messaging is vulnerable, UI aspects of the iPhone make it a particularly tempting target. Since then, Apple has claimed the vulnerability lies in SMS technology, not iOS, and that it has no way of fixing it. So how does such a gaping hole in SMS security work?

As pod2g’s security blog explains, the vulnerability originates in the Protocol Description Unit system that’s used to transmit text messages. When you create an SMS message on your phone and hit the Send button, your phone translates the message into PDU terms, tosses it across the network to its recipient, and the phone at the other end catches the bundle of PDU code and translates it into whatever display format the recipient phone uses. But if you’re handy with raw code, you can bypass all the technology that UI designers have worked so hard to make nice and instead create a message in raw PDU text format.

That’s where shenanigans can begin. Just by typing a few words into a text string, a nasty spammer can change the User Data Header in the PDU code, and make it appear to the recipient that the text is coming from their beloved “Mother,” “The FBI,” “Messengers From Space,” or any other recipient they choose to specify. So you could get a message from “Mom” asking you to “Please log into this bank site so we can pay for your Uncle’s kidney surgery” or some other piece of  phishing trickery. Even more maliciously, someone who knew the name of your trusted contacts could send, for example, a message that appears to be from your buddy Dave claiming to have had an affair with your house-pet, driving you into a jealous frenzy for nothing but their own amusement. More seriously, courts have used SMS messages as evidence, so this scam could be used to falsely prove that someone violated a restraining order, or is engaged in criminal conspiracy.

The iPhone is especially vulnerable because of its SMS user interface. In a typically Jobsian pursuit of cleanliness, the iPhone doesn’t display the phone number of whoever sent you a message, only the name of the sender. So if “Uncle Jed” is texting you from a phone number in Kazakhistan, there’s no way to tell that you’re getting messages from a suspicious number. Obviously, the iPhone isn’t the only phone to keep those ugly integers tucked away in the pursuit of elegance, but it’s by far the most prominent, and therefore the one with the most to lose if its interface gets regarded as a security risk.

Apple has dealt with phishing vulnerabilities on the iPhone before, as well as phishing scams built around the Apple ID. Unfortunately, this vulnerability is inherent to the SMS protocol, making it much harder for Apple to unilaterally fix it. Seth Bromberger, a security consultant at NCI Security, suggests that the iPhone should display an originating number but it’s hard to imagine Apple cluttering up its clean lines with the kind of numeral strings that we all stopped remembering the day we got a built-in contacts list. For now, Apple has issued a statement telling users to be careful, and mentioning that hey, by the way, if you and all your friends just used iPhones exclusively then you would automatically be texting with the iMessage system, where these problems can’t happen. So perhaps the solution to this iPhone vulnerability is to buy an iPhone for all the people who might text you. Everybody wins. 

Computing

Smishing sounds funny, but it’s a serious threat to your phone’s security

We all know phishing is a huge security problem, but most people still believe it’s a problem limited to email. According to new reports, however, phishing scams are attempting to exploit your trust in text messages.
Deals

The best iPhone deals for November 2018

Apple devices can get expensive, but if you just can't live without iOS, don't despair: We've curated an up-to-date list of all of the absolute best iPhone deals available for November 2018.
Computing

Sending SMS messages from your PC is easier than you might think

Texting is a fact of life, but what to do when you're in the middle of something on your laptop or just don't have your phone handy? Here's how to send a text message from a computer, whether you prefer to use an email client or Windows 10.
Mobile

We tried all the latest and greatest smartphones to find the best of 2018

Smartphones are perhaps the most important and personal piece of tech on the planet. That’s why it’s important to pick the best phone for your individual needs. Here are the best smartphones you can buy.
Product Review

Why get anything bigger? The new Mac Mini is all the desktop you need

Apple’s new Mac Mini doesn’t look much different from its predecessor, and it’s more expensive. Yet the changes under the hood make a case for its consideration as your new Mac. Can this entry-level machine hold its own?
Product Review

The iPad Pro is the best tablet ever. But don't sell your laptop just yet

Apple has unveiled a big redesign for the iPad Pro, slimming down the bezels, adding Face ID, and the ability to attach and charge the Apple Pencil. All of this comes at a high cost however, as the iPad Pro starts at $799.
Mobile

Apple will fix these iPhone X, 13-inch MacBook Pro issues for free

Apple launched free repair programs for the iPhone X and 13-inch MacBook Pro with no Touch Bar. Some iPhone X units are suffering from unresponsive touchscreens, while a specific batch of the 13-inch MacBook Pro is prone to drive failure.
Deals

Cyber Monday 2018: When it takes place and where to find the best deals

Cyber Monday is still a ways off, but it's never too early to start planning ahead. With so many different deals to choose from during one of the biggest shopping holidays of the year, going in with a little know-how makes all the…
Computing

One of these monitors will look great next to your new MacBook Pro

Apple doesn't make its beloved Cinema Display monitors anymore, which makes finding the best monitor for the MacBook Pro more difficult. In this guide, we break down some of our favorites and offer something for every size and budget.
Mobile

Which smartphone has the best camera? We found the sharpest shooters

They say that the best camera is always the one you have with you and that makes your smartphone camera very important indeed. Join us for a closer look at the best camera phones available right now.
Deals

The best Apple Watch deals for November 2018

The Apple Watch has surged to prominence in recent years. If you're in the market for an iOS wearable, we've sniffed out the best Apple Watch deals available right now for all three models of this great smartwatch.
Deals

The best MacBook deals for November 2018

If you’re in the market for a new Apple laptop, let us make your work a little easier: We hunted down the best up-to-date MacBook deals available online right now from various retailers.
Deals

The best iPad deals for November 2018

In the wide world of tablets, Apple is still the king. If you're on team Apple and just can't live without iOS, we've curated an up-to-date list of all of the best iPad deals currently available for November 2018.
Mobile

Apple to boost its Amazon presence with listings for iPhones, iPads, and more

Apple is about to start offering more of its kit on Amazon. The tech giant currently only has very limited listings on the shopping site, but the deal will see the arrival of the latest iPhones, iPads, MacBooks, and more.