iPhone bug can allow making calls automatically

Mobile & tablets

by CBR Staff Writer| 26 August 2014

The flaw works for Facebook Messenger, Gmail and Google+ apps installed on an iPhone.

A potential bug in iPhone allows devices to automatically make premium calls and blow up victims' phone bills and pinch their personal details in some cases, according to a security researcher.

Andrei Neculaesei noted that the iPhone maker allows apps to make phone calls after users tap a number on screen and by making out actionable text with tags termed as Uniform Resource Identifiers (URI).

Neculaesei noted that the 'tel:' URI system can be exploited by wrapping JavaScript together with the target URI that automatically executes the call without waiting for a user to tap on screen.

Further, the vulnerability also allows hackers to force devices to dial premium numbers that are rapidly selected on the receiving end, and accumulate amount charged to the victims' phone bills.

According to Engadget, hackers would only require to send out spam messages with a masked URL to the manipulated code to execute the scheme.

Neculaesei demonstrates that the flaw also works for Facebook Messenger, Gmail and Google+ apps installed on an iPhone, with several dozens of similar apps also being vulnerable.

Post a comment

Comments may be moderated for spam, obscenities or defamation.
Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.