A potential bug in iPhone allows devices to automatically make premium calls and blow up victims’ phone bills and pinch their personal details in some cases, according to a security researcher.
Andrei Neculaesei noted that the iPhone maker allows apps to make phone calls after users tap a number on screen and by making out actionable text with tags termed as Uniform Resource Identifiers (URI).
Neculaesei noted that the ‘tel:’ URI system can be exploited by wrapping JavaScript together with the target URI that automatically executes the call without waiting for a user to tap on screen.
Further, the vulnerability also allows hackers to force devices to dial premium numbers that are rapidly selected on the receiving end, and accumulate amount charged to the victims’ phone bills.
According to Engadget, hackers would only require to send out spam messages with a masked URL to the manipulated code to execute the scheme.
Neculaesei demonstrates that the flaw also works for Facebook Messenger, Gmail and Google+ apps installed on an iPhone, with several dozens of similar apps also being vulnerable.
