Security Warning: iPhone’s click-to-call feature vulnerability under threat

BY Jason

Published 18 Jul 2007

One of the revolutionary features of the iPhone is the seamless integration between its applications, made possible by OS X. One example is the click-to-call feature, which gives iPhone users a simple way to dial phone numbers listed on web pages. Unfortunately, the feature is under threat: attackers could exploit a bug in it to trick you into making phone calls to expensive "900" or overseas numbers without your knowledge. The security warning was issued by security researchers at SPI Labs.

In order for the attack to work, the attackers would have to either trick iPhone users into visiting a malicious Web site, or make a legitimate Web site send untrustworthy content to the iPhone using what is known as a cross-site scripting attack. "Any time someone could control the content that’s getting sent to the iPhone [the possibility of an attack] exists," said Hoffman, lead researcher with SPI Labs.

The other way is to format a "dial" link so that the web page shows one number while the number actually dialed is something else; this way, attackers could cause the phone to place calls to expensive 900 or overseas numbers.
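As an added example (not code from SPI Labs, Apple, or the original post), the following script audits an HTML page for click-to-call links of exactly this kind, assuming the links use the standard tel: URI scheme: it compares the number a link would actually dial with the number its visible text shows, and flags links whose text shows a different number or no number at all. The sample page it runs on is constructed here.

```python
import re
from html.parser import HTMLParser

def digits_only(s):
    """Reduce a phone number or tel: body to digits ("+1 (900) 555-0123" -> "19005550123")."""
    return re.sub(r"\D", "", s)

class TelLinkAuditor(HTMLParser):
    """Collect every <a href="tel:..."> and compare its target with its visible text."""

    def __init__(self):
        super().__init__()
        self._href = None   # href of the tel: anchor currently open, if any
        self._text = []     # text fragments seen inside that anchor
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href") or ""
            if href.lower().startswith("tel:"):
                self._href, self._text = href, []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        shown = " ".join(self._text).strip()
        # tel: body up to any ';' parameter such as ;ext=, reduced to digits
        dialed = digits_only(self._href[4:].split(";", 1)[0])
        shown_digits = digits_only(shown)
        if not shown_digits:
            reason = "no_visible_number"  # "Call now" gives the user nothing to verify
        elif shown_digits != dialed:
            reason = "mismatch"           # exact match required; prefix-only differences are reported for review too
        else:
            reason = None
        if reason:
            self.findings.append({"reason": reason, "shown": shown, "dialed": dialed, "href": self._href})
        self._href = None

def audit_tel_links(html):
    """Return the list of suspicious tel: links found in an HTML document."""
    auditor = TelLinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample page; 555-01xx numbers are reserved for fictional use.
SAMPLE_HTML = """
<p>Support: <a href="tel:+1-800-555-0199">1-800-555-0199</a></p>
<p>Sales: <a href="tel:1-900-555-0123">1-800-555-0123</a></p>
<p><a href="tel:+44-20-7946-0000;ext=12">Call now</a></p>
"""

if __name__ == "__main__":
    for f in audit_tel_links(SAMPLE_HTML):
        print(f"{f['reason']}: shows {f['shown']!r}, dials {f['dialed']}")
```

The second sample link is the deceptive case the article describes: it displays a toll-free 800 number but would dial a premium 900 number.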

SPI Labs is not releasing any further details on how the feature can be exploited, but it appears they are already in touch with Apple, having escalated the issue on July 6th. They are reported to be working with Apple to prevent these types of attacks.

Interestingly, the method Apple provides for developers to write web applications is the very area that has come under attack by iPhone hackers. However, not everyone seems convinced by SPI Labs' findings; as the CTO of Immunity Inc. puts it, "If you can make calls from the Web browser, you can make fake calls from the Web browser".

Anyway, as a precautionary measure, it is advisable that iPhone users limit their use of the click-to-call feature to trusted websites only, until we hear from Apple on this exploit or a fix is provided.

Thanks Dan for the tip-off on the security warning.