The flaw has existed since the iPhone was first launched in 2007 and has still not been fixed in the beta version of iOS 6, the next operating system for the iPhone, the hacker known as “Pod2g” said in a blog post, Xinhua reported.
Under the protocols handling the exchange of SMS (Short Message Service) text between mobile phones, the sender of a message can technically change the reply-to phone number to something different from the original number, Pod2g explained.
In a good implementation, the receiver of the message would see both the original phone number and the reply-to one.
But in the iPhone’s SMS feature, the message the receiver sees appears to come from the reply-to number, while the sender’s original phone number is hidden.
The loophole means that someone could send iPhone users messages pretending to be from the receivers’ banks or other trusted sources, asking for private information or tricking them into visiting a dedicated website that collects users’ information.
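The following Python example is added here and is not from Pod2g's post or Apple's code: it parses a received SMS-DELIVER message and shows both numbers when the reply-to address differs from the sender, as the "good implementation" above would. It assumes the reply-to number is carried in the User Data Header's Reply Address element (identifier 0x22 in 3GPP TS 23.040), a detail the article does not give; the function names and sample messages are constructed.

```python
# Added example: receiver-side check of an SMS-DELIVER TPDU (numeric addresses only).
REPLY_ADDRESS_IEI = 0x22  # assumption taken from 3GPP TS 23.040, not from the article

def decode_address(buf, pos):
    """Decode an address field: digit count, type-of-address, swapped BCD digits."""
    ndigits, toa = buf[pos], buf[pos + 1]
    nbytes = (ndigits + 1) // 2
    raw = buf[pos + 2:pos + 2 + nbytes]
    if len(raw) != nbytes:
        raise ValueError("truncated address field")
    digits = "".join(f"{b & 0x0F:X}{b >> 4:X}" for b in raw)[:ndigits]
    prefix = "+" if (toa & 0x70) == 0x10 else ""  # international number
    return prefix + digits, pos + 2 + nbytes

def inspect_deliver(pdu_hex):
    """Return the originating address, any UDH reply address, and a mismatch flag."""
    buf = bytes.fromhex(pdu_hex)
    if buf[0] & 0x03 != 0x00:
        raise ValueError("not an SMS-DELIVER TPDU")
    sender, pos = decode_address(buf, 1)
    pos += 1 + 1 + 7 + 1  # skip TP-PID, TP-DCS, TP-SCTS, TP-UDL
    reply_to = None
    if buf[0] & 0x40:  # TP-UDHI set: user data starts with a header
        end = pos + 1 + buf[pos]  # buf[pos] is the header length (UDHL)
        if end > len(buf):
            raise ValueError("truncated user data header")
        ie = pos + 1
        while ie + 2 <= end:  # walk the information elements
            iei, iedl = buf[ie], buf[ie + 1]
            if iei == REPLY_ADDRESS_IEI:
                reply_to, _ = decode_address(buf, ie + 2)
            ie += 2 + iedl
    mismatch = reply_to is not None and reply_to != sender
    return {"sender": sender, "reply_to": reply_to, "mismatch": mismatch}

def display_header(info):
    """Show both numbers when they differ, instead of only the reply-to one."""
    if info["mismatch"]:
        return f"From {info['sender']} (replies go to {info['reply_to']})"
    return f"From {info['sender']}"

# Constructed sample messages with fictional numbers (not captured traffic).
PLAIN = "040B915155100000F1" "0008" "21807121000000" "04" "00680069"
REDIRECTED = ("440B915155100000F1" "0008" "21807121000000" "0F"
              "0A22080B915155100000F2" "00680069")

if __name__ == "__main__":
    for pdu in (PLAIN, REDIRECTED):
        print(display_header(inspect_deliver(pdu)))
```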
Pod2g called the security flaw “severe” and urged Apple to fix it before the final release of the iOS 6 software.
“Now you are alerted. Never trust any SMS you received on your iPhone at first sight,” Pod2g wrote in the blog post.
Apple Inc could not be reached for comment.