iPhone Hacks


Security Warning: iPhone's click-to-call feature under threat

One of the revolutionary features of the iPhone is the seamless integration between its applications, made possible by OS X. One example is the click-to-call feature, which gives iPhone users a simple way to dial phone numbers listed on web pages. Unfortunately, attackers could exploit a bug in this feature to trick you into making phone calls to expensive "900" or overseas numbers without your knowledge. The security warning was issued by security researchers at SPI Labs.

In order for the attack to work, the attackers would have to either trick iPhone users into visiting a malicious Web site or make a legitimate Web site send untrustworthy information to the iPhone using what's known as a cross-site scripting attack. "Any time someone could control the content that's getting sent to the iPhone [the possibility of an attack] exists," said Hoffman, lead researcher with SPI Labs.

The other way is to format a "dial" link incorrectly so that the web page shows one number while the number actually dialed is a different one. In this way, attackers could cause phone calls to expensive 900 or overseas numbers.
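A defensive check for the mismatch described above, as an added example that is not from this post or from SPI Labs: it audits `tel:` links in page markup and flags any whose visible number differs from the number that would be dialed, plus 900 and overseas targets. The sample markup, the function names and the treatment of country code 1 as domestic are assumptions.

```javascript
// Constructed sample markup (555-01xx and 020 7946 0xxx are reserved fictional ranges).
const SAMPLE_HTML = `
<a href="tel:+1-408-555-0100">Call us: (408) 555-0100</a>
<a href="tel:1-900-555-0199">Support: 1-800-555-0123</a>
<a href="tel:+44%2020%207946%200000">Local office 408-555-0142</a>
<a href="/contact">Contact page</a>`;

// Digits only, so "(408) 555-0100" and "+1-408-555-0100" can be compared.
function digitsOf(s) {
  return s.replace(/\D/g, "");
}

// The label may omit the country code, so accept a suffix match either way.
function sameNumber(a, b) {
  return a.endsWith(b) || b.endsWith(a);
}

// Returns one finding per suspicious tel: link in the markup.
// The regex scan is an approximation for offline review; in a browser,
// iterate document.querySelectorAll('a[href^="tel:"]') instead.
function auditTelLinks(html) {
  const findings = [];
  const re = /<a\b[^>]*\bhref\s*=\s*["']tel:([^"']*)["'][^>]*>([\s\S]*?)<\/a>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    let target = m[1];
    try { target = decodeURIComponent(m[1]); } catch (e) { /* keep raw value */ }
    const dialed = digitsOf(target);
    const shown = digitsOf(m[2].replace(/<[^>]*>/g, "")); // strip nested tags
    const reasons = [];
    // Only compare when the label actually displays a phone-length number.
    if (shown.length >= 7 && !sameNumber(dialed, shown)) reasons.push("label-mismatch");
    // US premium-rate numbers: optional leading 1, then area code 900.
    if (/^1?900\d{7}$/.test(dialed)) reasons.push("premium-900");
    // Assumption: country code 1 is domestic; "+<other>" or the 011 prefix is overseas.
    const plusForeign = target.trim().startsWith("+") && !dialed.startsWith("1");
    if (plusForeign || dialed.startsWith("011")) reasons.push("international");
    if (reasons.length > 0) findings.push({ dialed, shown, reasons });
  }
  return findings;
}
```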

SPI Labs is not releasing any further details on how the feature can be exploited, but it seems that they are already in touch with Apple after escalating it to them on July 6th. They are reported to be working with Apple to prevent these types of attacks.

Interestingly, the method Apple provides for developers to write web applications is the area that has come under attack by iPhone hackers. However, not everyone seems to be convinced by SPI Labs' findings; as the CTO with Immunity Inc puts it, "If you can make calls from the Web browser, you can make fake calls from the Web browser".

Anyway, as a precautionary measure, it's advisable that iPhone users limit their use of the click-to-call feature to trusted websites until we hear from Apple on this exploit or they provide a fix.

Thanks Dan for the tip-off on the security warning.
