Home » News » Mobile Phones » A security flaw in iPhone can be exploited to make automatic calls

A security flaw in iPhone can be exploited to make automatic calls

By Silky Malhotra | Updated on 25-Aug-2014
A security flaw in iPhone can be exploited to make automatic calls
Silky Malhotra Silky Malhotra
25 Aug 2014 15:14
HIGHLIGHTS

Developers have discovered a security flaw in iPhone that can be exploited to make automatic phone calls to premium numbers, inflating phone bills and even stealing the users identity.

Developer Andrei Neculaesei has discovered that maliciously coded links in some apps will abuse the "tel" web handler to automatically make phone calls to premium phone numbers when you view a message from your smartphone, resulting in inflated phone bills.

Andrei Neculaesei, who works with wireless streaming company Airtame in Copenhagen, states that there’s a risk in how most native mobile applications handle phone numbers. Phone numbers often appear as links on a mobile device and can be used by a Uniform Resource Identifier (URI) scheme called ”tel” to trigger a call. If a person clicks on a phone number within Apple’s mobile Safari browser, a pop-up asks if a person wants to proceed with a call.

“When a user taps a telephone link in a webpage, iOS displays an alert asking if the user really wants to dial the phone number and initiates dialing if the user accepts,” Neculaesei wrote in a post on his blog. “When a user opens a URL with the tel scheme in a native app, iOS does not display an alert and initiates dialing without further prompting the user.”

He continued, “So if I click the link in Safari I get the prompt asking me to confirm my action, if I click the link in a native app’s webView it doesn’t ask and performs the action right away (makes the call).”

He added that the exploit isn't limited to any one app or developer. Gmail, Facebook Messenger, Google+ and even less recognizable apps fall prey to the attack. Neculaesei stated on his blog, that Apple could mitigate the issue by requiring prompts for all phone links. Neculaesei’s presented his findings at the Bsides security conference in Las Vegas earlier this month.

Earlier researchers had discovered a security flaw in Android that allowed malicious sites to make phone calls to premium phone numbers, automatically. Researchers had also discovered a loophole in Android that allows malicious apps to get control of your smartphones camera and upload images to an unknown server without the users permission.

Source: Andrei Neculaesei

 

Silky Malhotra

Silky Malhotra

Silky Malhotra loves learning about new technology, gadgets, and more. When she isn’t writing, she is usually found reading, watching Netflix, gardening, travelling, or trying out new cuisines. View Full Profile

New Mobiles
Apple IPhone 15Redmi 12 5GRealme 11 Pro+ 5GApple IPhone 15 PlusNothing Phone 2
Top-10s
Best Mobile Phones under 15,000Best Mobile Phones under 20,000Best Mobile Phones Under 10,000Best Mobile PhonesBest 5G Mobile Phones
Terms of Use Privacy Policy About Us Advertise with us Contact Us SiteMap Current / Past Issue Magazine Subscription
9.9 Group

Digit.in is one of the most trusted and popular technology media portals in India. At Digit it is our goal to help Indian technology users decide what tech products they should buy. We do this by testing thousands of products in our two test labs in Noida and Mumbai, to arrive at indepth and unbiased buying advice for millions of Indians.

We are about leadership – the 9.9 kind Building a leading media company out of India. And, grooming new leaders for this promising industry.

logo logo logo logo logo logo
Copyright © 2007-24 9.9 Group Pvt.Ltd.All Rights Reserved.
Digit.in
Logo
Digit.in
Logo