A security flaw in iPhone can be exploited to make automatic calls

By Silky Malhotra | Published on 25 Aug 2014
HIGHLIGHTS
  • Developers have discovered a security flaw in iPhone that can be exploited to make automatic phone calls to premium numbers, inflating phone bills and even stealing the user's identity.

Developer Andrei Neculaesei has discovered that maliciously coded links in some apps will abuse the "tel" web handler to automatically make phone calls to premium phone numbers when you view a message from your smartphone, resulting in inflated phone bills.

Andrei Neculaesei, who works with wireless streaming company Airtame in Copenhagen, states that there’s a risk in how most native mobile applications handle phone numbers. Phone numbers often appear as links on a mobile device, and a Uniform Resource Identifier (URI) scheme called “tel” can be used to trigger a call from such a link. If a person clicks on a phone number within Apple’s mobile Safari browser, a pop-up asks whether the person wants to proceed with the call.

“When a user taps a telephone link in a webpage, iOS displays an alert asking if the user really wants to dial the phone number and initiates dialing if the user accepts,” Neculaesei wrote in a post on his blog. “When a user opens a URL with the tel scheme in a native app, iOS does not display an alert and initiates dialing without further prompting the user.”

He continued, “So if I click the link in Safari I get the prompt asking me to confirm my action, if I click the link in a native app’s webView it doesn’t ask and performs the action right away (makes the call).”

He added that the exploit isn't limited to any one app or developer. Gmail, Facebook Messenger, Google+ and even less recognizable apps fall prey to the attack. Neculaesei stated on his blog that Apple could mitigate the issue by requiring prompts for all phone links. Neculaesei presented his findings at the BSides security conference in Las Vegas earlier this month.
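An app can also enforce the same prompt itself instead of waiting for a platform fix. The sketch below is an added example, not code from the article or from Neculaesei's post: it assumes an app that renders untrusted message content in a WKWebView, the class name MessageViewController is hypothetical, and the facetime schemes go beyond the "tel" case the article describes.

```swift
import UIKit
import WebKit

// Hypothetical view controller (name is an assumption) that shows untrusted
// message content in a WKWebView and is set as its navigationDelegate.
final class MessageViewController: UIViewController, WKNavigationDelegate {
    // Schemes that start a call outside the web view; each needs explicit consent.
    private let callSchemes: Set<String> = ["tel", "facetime", "facetime-audio"]
    // Schemes the web view may load by itself (about: covers about:blank).
    private let webSchemes: Set<String> = ["http", "https", "about"]

    func webView(_ webView: WKWebView,
                 decidePolicyFor navigationAction: WKNavigationAction,
                 decisionHandler: @escaping (WKNavigationActionPolicy) -> Void) {
        guard let url = navigationAction.request.url,
              let scheme = url.scheme?.lowercased() else {
            decisionHandler(.cancel)
            return
        }
        if webSchemes.contains(scheme) {
            decisionHandler(.allow)
            return
        }
        // Any other scheme is never handled by the web view on its own.
        decisionHandler(.cancel)
        // Only a link the user tapped may lead to a prompt; navigations
        // started by script, redirects or frames are dropped silently.
        guard callSchemes.contains(scheme),
              navigationAction.navigationType == .linkActivated else { return }
        confirmAndOpen(url)
    }

    private func confirmAndOpen(_ url: URL) {
        // Show the exact target so the user sees what would be dialed.
        let alert = UIAlertController(title: "Place call?",
                                      message: url.absoluteString,
                                      preferredStyle: .alert)
        alert.addAction(UIAlertAction(title: "Cancel", style: .cancel))
        alert.addAction(UIAlertAction(title: "Call", style: .default) { _ in
            UIApplication.shared.open(url)
        })
        present(alert, animated: true)
    }
}
```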

Earlier, researchers had discovered a security flaw in Android that allowed malicious sites to make phone calls to premium phone numbers automatically. Researchers had also discovered a loophole in Android that allows malicious apps to get control of your smartphone's camera and upload images to an unknown server without the user's permission.

Source: Andrei Neculaesei
