iPhone iOS text spoofing.

Moderator: Mod

iPhone iOS text spoofing.

Postby ADM1N » Wed Aug 22, 2012 3:07 pm

A few days ago Pod2g posted Never trust SMS: iOS text spoofin

[url]http://pod2g-ios.blogspot.com/2012/08/never-trust-sms-ios-text-spoofing.html[/url]

The flaw exists since the beginning of the implementation of SMS in the iPhone, and is still there in iOS 6 beta 4.

And a exploits [url]https://github.com/pod2g/sendrawpdu/ [/url]
But it looks cant use, itjust acommand linemodePDU modetosendSMStools, maydidnt give acheat code.

And just hours after Jailbreak developer Pod2g highlighted what may have been potential flaw in the way Apple’s iOS messaging platform interpreted incoming text messages, Apple has commented on the matter, warning of the limitations of the SMS protocol and reinforcing the security of its iMessage service.

In a statement provided to Engadget, an Apple spokesperson said:

Apple takes security very seriously. When using iMessage instead of SMS,
addresses are verified which protects against these kinds ofspoofingattacks. One of the limitations of SMS is that it allows messages to be
sent with spoofed addresses to any phone, so we urge customers to be
extremely careful if they’re directed to an unknown website or address
over SMS.
--
The Loop’s Jim Dalrymple expands on Apple’s statement, underlining the key point that the company wanted to drive home. While the messaging flaw may affect the iPhone, the Apple smartphone isn’t alone.



“The vulnerability is not with the iPhone, but rather with the SMS technology. The iPhone is not alone in being susceptible to this type of attack — all phones that use SMS can be tricked in the same way,” Darlymple writes.



Apple’s iMessage is a proprietary platform, shielding iPhone users from traditional messaging flaws that exist within the ageing SMS protocol.



If you own an iPhone, you’ll likely be using iMessage anyway, but recommend you remain vigilant when sharing personal details over text message (or any protocol for that matter).
--
lol.It's evade..


[b:16a4911e48]Use:[/b:16a4911e48]


AboutAT to operate the SIM command and PDUits too much, and there have a lot documents.
[url]http://blog.adm1n.org/adm1n/iphone_command.html[/url]
[url]http://www.3gpp.org/ftp/Specs/html-info/23040.htm[/url]

There have a note can be use:

Despite the fact that MMI aspects of the ME are out of the scope of the present document, it must be mentioned
that this mechanism might open the door to potential abuse. It is desirable that the user is made aware in some way
that the reply address of the incoming message is different from the originator’s one, and that the user is presented
with the original TP-OA address to identify the sender of the SM .

This pic isUDH Location identification, and 22 is most important.

[img:16a4911e48]http://blog.adm1n.org/usr/uploads/2012/08/700253834.png[/img:16a4911e48]


After know how does it work, we can useBaseband to control SIM, send SMS as PDU.


let's test it!

Just usesendrawpdu, and edit a little.

Then
gcc -o raw main.c
-

root# ./raw

usage: ./raw <pdu data>

Here have to use a PDU Encode-Decode.
[url]http://www.adm1n.org/pbu%20converter.php[/url]

root#./raw 04911500F201000A816066666666000005E8329BFD06

this is send a 'hello' to 0666666666 andReceiver is 51002.

then is 0666666666 is a iphone user, then he will get a SMS from 51002.


Warning:
Prohibit the use of the articleto do anything!
Ps:
I dont knowanything, these are all copy, I am innocent.



[url]http://blog.adm1n.org/adm1n/iphone.html[/url]


Voila, et bienvenue sur mon blog.
[url]http://www.adm1n.org[/url]
ADM1N
Projets
 
Posts: 3
Joined: Wed Aug 22, 2012 11:10 am

Postby ADM1N » Wed Aug 22, 2012 3:14 pm

Pourquoi apres editi ya rien de rien?

encore..

A few days ago Pod2g posted Never trust SMS: iOS text spoofin

[url]http://pod2g-ios.blogspot.com/2012/08/never-trust-sms-ios-text-spoofing.html[/url]

The flaw exists since the beginning of the implementation of SMS in the iPhone, and is still there in iOS 6 beta 4.

And a exploits [url]https://github.com/pod2g/sendrawpdu/ [/url]
But it looks cant use, itjust acommand linemodePDU modetosendSMStools, maydidnt give acheat code.

And just hours after Jailbreak developer Pod2g highlighted what may have been potential flaw in the way Apple’s iOS messaging platform interpreted incoming text messages, Apple has commented on the matter, warning of the limitations of the SMS protocol and reinforcing the security of its iMessage service.

In a statement provided to Engadget, an Apple spokesperson said:

Apple takes security very seriously. When using iMessage instead of SMS,
addresses are verified which protects against these kinds ofspoofingattacks. One of the limitations of SMS is that it allows messages to be
sent with spoofed addresses to any phone, so we urge customers to be
extremely careful if they’re directed to an unknown website or address
over SMS.
--
The Loop’s Jim Dalrymple expands on Apple’s statement, underlining the key point that the company wanted to drive home. While the messaging flaw may affect the iPhone, the Apple smartphone isn’t alone.



“The vulnerability is not with the iPhone, but rather with the SMS technology. The iPhone is not alone in being susceptible to this type of attack — all phones that use SMS can be tricked in the same way,” Darlymple writes.



Apple’s iMessage is a proprietary platform, shielding iPhone users from traditional messaging flaws that exist within the ageing SMS protocol.



If you own an iPhone, you’ll likely be using iMessage anyway, but recommend you remain vigilant when sharing personal details over text message (or any protocol for that matter).
--
lol.It's evade..


[b:1d0b827865]Use:[/b:1d0b827865]


AboutAT to operate the SIM command and PDUits too much, and there have a lot documents.
[url]http://blog.adm1n.org/adm1n/iphone_command.html[/url]
[url]http://www.3gpp.org/ftp/Specs/html-info/23040.htm[/url]

There have a note can be use:

Despite the fact that MMI aspects of the ME are out of the scope of the present document, it must be mentioned
that this mechanism might open the door to potential abuse. It is desirable that the user is made aware in some way
that the reply address of the incoming message is different from the originator’s one, and that the user is presented
with the original TP-OA address to identify the sender of the SM .

This pic isUDH Location identification, and 22 is most important.

[img:1d0b827865]http://blog.adm1n.org/usr/uploads/2012/08/700253834.png[/img:1d0b827865]


After know how does it work, we can useBaseband to control SIM, send SMS as PDU.


let's test it!

Just usesendrawpdu, and edit a little.

Then
gcc -o raw main.c
-

root# ./raw

usage: ./raw <pdu data>

Here have to use a PDU Encode-Decode.
[url]http://www.adm1n.org/pbu%20converter.php[/url]

root#./raw 04911500F201000A816066666666000005E8329BFD06

this is send a 'hello' to 0666666666 andReceiver is 51002.

then is 0666666666 is a iphone user, then he will get a SMS from 51002.


Warning:
Prohibit the use of the articleto do anything!
Ps:
I dont knowanything, these are all copy, I am innocent.



[url]http://blog.adm1n.org/adm1n/iphone.html[/url]


Voila, et bienvenue sur mon blog.
[url]http://www.adm1n.org[/url]
ADM1N
Projets
 
Posts: 3
Joined: Wed Aug 22, 2012 11:10 am


Return to Sécurité Intrusion

Who is online

Users browsing this forum: No registered users and 1 guest

cron