

IOS SMS Spoofing - eyevariety
http://pod2g-ios.blogspot.co.uk/2012/08/never-trust-sms-ios-text-spoofing.html

======
minikites
_Never trust any SMS you received on your iPhone at first sight._

Perhaps I don't understand, but why single out the iPhone? Isn't every phone
that receives SMS vulnerable? Couldn't you perform this "attack" with any
phone or modem capable of sending SMS?

I remember something a while back where you could spoof SMS to send tweets to
Twitter as someone else. I assume that's also still possible?

~~~
smackfu
"In a good implementation of this feature, the receiver would see the original
phone number and the reply-to one. On iPhone, when you see the message, it
seems to come from the reply-to number, and you loose track of the origin."

~~~
X-Istence
What device currently out there does display the from/reply-to?

Spoofing the reply-to or what number a message came from is easy, and has been
used before to fake post messages to peoples twitter account for instance,
same could probably be done with Facebook if someone has the SMS feature
turned on.

I don't remember any of my phones ever having a feature that allowed me to see
the Sender/Reply-to for any text message I've received. One thing I do know is
that I trust SMS about as far as I trust my carriers and I don't trust them at
all. Even if a "bank" were to text me I wouldn't use the information provided
in the text to make my next move.

------
lucaspiller
> On iPhone, when you see the message, it seems to come from the reply-to
> number, and you loose track of the origin.

This is a typo right? I could understand the issue if the reply-to is
different from the apparent sender (and hidden), but if they are the same what
is the issue? As stated by other commenters practically any SMS gateway allows
you to set whatever originator (sender) you like.

~~~
smackfu
Well, it certainly should say 'lose'.

------
superuser2
IOS runs on Cisco routers. You're thinking of iOS.

/pedantry

~~~
Timothee
The Hacker News software capitalize the title of the posts, thus transforming
the correct "iOS" (as seen in the title of the blog post itself) in "IOS". I
believe pg added some exceptions since I've seen "iPhone" and "iPad" properly
capitalized in the past, but it seems "iOS" is not in that list yet.

~~~
riobard
The trick is to put a space before the first word of the title.

