Softpedia
 
HomepageWindowsGamesDriversMacLinuxScripts buttonMobileHandheldNews

NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>
Home > News > Apple

July 19th, 2007, 12:29 GMT · By Victor Mihailescu

iPhone Phone Link Exploit

SHARE:

Adjust text size:



Enlarge picture
The iPhone has a wide array of features, some like the multi-touch interface are very well known and constantly used, while others such as the web dial feature are more obscure. This feature allows for single click dialing of telephone numbers found in web pages. Instead of actually dialing out the number itself, you click it as if it were a link, the only issue is that there might be bugs with it.

The timesaving features could potentially be exploited
in order to hide the actual number to be called and tricking users into calling other, far more expensive numbers. The most likely candidates are the "900" numbers that charge a large amount per minute and typically offer various services that can range from tech support to entertainment. Since the user is charged at the moment that the call is made, such exploits could prove to be expensive to the average user.

More complex exploitation could go as far as tracking of the calls being made as well as redirecting calls to other numbers and even calls being made without the knowledge of the user. Other denial of service attacks though the same vector could render the device unusable until it is turned off. While the easiest way of exploiting this vulnerability is through user interaction, it is apparently not required and a properly crafted malicious site could exploit the user's phone without his or her knowledge.
It is unclear whether the bug is only present in Safari or whether it can also be exploited via the Google Maps application as well as Mail, but it is definitely present in Safari.

While detailed information about the exploits has not been publicized by SPI Labs, the security firm warns that users should stay well away from the telephone number links in web pages, especially those from sites without a strong reputation. SPI states that it reported the security vulnerability to Apple on July 6 and is working with the company to resolve the issue. However, to date Apple has neither acknowledged the alleged problem nor issued a public advisory.
FILED UNDER:
Apple
iPhone
Security

TELL US WHAT YOU THINK:

1,975 hits · Link to this article · Print article · Send to friend · Subscribe to news

MUST-READ RELATED ARTICLES:


Storing Data on an iPhone
Microsoft Exchange Update Fixes Potential Mail Issues with IMAP And Apple iPhone
The Race to Unlock the iPhone

READER COMMENTS:



No user comments yet.
Be the first to express your opinion!
Copyright © 2001-2012 Softpedia. Contact/Tip us at

WindowsGamesDriversMacLinuxScriptsMobileHandheldNews

SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   UPDATE YOUR SOFTWARE   |   ROMANIAN FORUM
© 2001 - 2012 Softpedia. All rights reserved.
Softpedia® and the Softpedia® logo are
registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use