A bug in the iPhone means that users shouldn’t necessarily trust that text messages they receive are coming from the phone numbers they claim to be sent from.
According to the researcher who discovered the bug, iPhone users should be particularly wary of text messages that claim to come from their banks or credit card companies. That is because, for instance, an identity thief could send a text message impersonating the recipient’s bank, then direct the recipient to a phishing site where they would be encouraged to share sensitive personal information under the false pretense that the phishing site is affiliated with their bank.
This threat is increasingly relevant as more banks turn to mobile apps and SMS messages to communicate with customers.
Now for the technical explanation: The iPhone bug in question derives from how the Apple iOS (the iPhone’s operating system) administers one part of the SMS message called User Data Header (UDH). There are several options in the UDH, one of which lets users change the phone number that the text message appears to come from.
The researcher who discovered the glitch (who goes by the handle Pod2g) wrote in a blog post about the bug that because most carriers don’t check the UDH part of text messages, anyone can make such modifications to their text messages. Pod2g called for better implementation of the UDH feature to eliminate the problem.