Sign up for our newsletter
Technology / Networks

iPhone bug can allow making calls automatically

A potential bug in iPhone allows devices to automatically make premium calls and blow up victims’ phone bills and pinch their personal details in some cases, according to a security researcher.

Andrei Neculaesei noted that the iPhone maker allows apps to make phone calls after users tap a number on screen and by making out actionable text with tags termed as Uniform Resource Identifiers (URI).

Neculaesei noted that the ‘tel:’ URI system can be exploited by wrapping JavaScript together with the target URI that automatically executes the call without waiting for a user to tap on screen.

Further, the vulnerability also allows hackers to force devices to dial premium numbers that are rapidly selected on the receiving end, and accumulate amount charged to the victims’ phone bills.

White papers from our partners

According to Engadget, hackers would only require to send out spam messages with a masked URL to the manipulated code to execute the scheme.

Neculaesei demonstrates that the flaw also works for Facebook Messenger, Gmail and Google+ apps installed on an iPhone, with several dozens of similar apps also being vulnerable.

This article is from the CBROnline archive: some formatting and images may not be present.

CBR Staff Writer

CBR Online legacy content.