Sendrawpdu : iPhone SMS spoofing application Released
A French hacker has released a tool capable of sending SMSes with spoofed sender details on the iPhone 4. The sendrawpdu command line interface tool allows users to customise the reply number on SMSes and could be ideal for phishing attacks.
Researcher revealed an SMS spoofing flaw that affects every version of Apple’s mobile OS. Using the flaw, hackers could spoof their identities via text and send messages asking for private information (by pretending to be from a users’ bank, for example), or direct users to phishing sites.
pod2g highlights several ways in which malicious parties could take advantage of this flaw, including phishing attempts linking users to sites collecting personal information or spoofing messages for the purposes of creating false evidence or gaining a recipient's trust to enable further nefarious action.
In many cases the malicious party would need to know the name and number of a trusted contact of the recipient in order for their efforts to be effective, but the phishing example shows how malicious parties could cast broad nets hoping to snare users by pretending to be a common bank or other institution.
French hacker has published on his blog that he developed iPhone SMS security app and called it Sendrawpdu. The tool is designed for iPhone 4, and can be downloaded free of charge from the service repository Github where you can find the app.