A hacker known by the name of pod2g has discovered that Apple’s mobile operating system contains a SMS vulnerability which can be very bad for the phone’s security, once taken advantage of. The bug seems to have been originated since the birth of iOS itself and it’s still present in the latest tested version, iOS 6 beta 4.
Although the iOS 6 SMS bug can be exploited due to a door left open by Apple in the protocol used for sending text messages, the Cupertino-based company thought of it as an advanced option and something that could help users out.
As pod2g explains, the PDU (Protocol Description Unit) contains an UDI (User Data Header) which can only be interpreted by some smartphones, including those of Apple’s. This UDI includes an option where the device can change the reply-to address or even allow the phone to use another SIM number when sending short messages.
In order to urge Apple into fixing these issues, the discoverer has listed three ways which can be used to take advantage of this bug and even plans to release a tool soon that does all of them, automatically. For the sake of security, we won’t publish them here.