http://www.darkreading.com/mobile-security/167901113/security/vulnerabilities/240005872/don-t-trust-that-text-message-tool-simplifies-ios-sms-spoofing.html By Kelly Jackson Higgins Dark Reading Aug 20, 2012 A French researcher has unleashed a free tool that exploits a weakness he recently highlighted in the SMS feature of Apple's iOS that could allow an attacker to spoof the sender of a text message. The new tool, created by researcher pod2g, basically lets an attacker send a text message that appears to be from someone you know or trust -- such as your bank. But the vulnerability isn't in the smartphone itself, says Errata Security CTO David Maynor; rather, it's in the network transporting the SMS messages. And there are already services available, such as SMSGang's Spoof SMS Service, that provide spoofing, Maynor says. The new tool just automates SMS-spoofing, he says. "It's a network problem," Maynor says of the issue. Even so, phone manufacturers could add some protections for this attack that help prevent malicious activity at the User Data Header (UDH) used in SMS, he says. [...]Received on Tue Aug 21 2012 - 02:04:16 PDT
This archive was generated by hypermail 2.2.0 : Tue Aug 21 2012 - 02:06:37 PDT