iPhones make calls without permission, researcher warns
Apple's iOS is vulnerable to web-based attacks that force third-party apps to make phone calls and carry out other sensitive operations without first warning the user, a security researcher has warned.
Researcher Nitesh Dhanjani shows here how the planting of a simple iframe on a webpage can force the Safari browser to open Skype and dial a phone number or send a message to another Skype user. As long as Skype is installed and it stores the victim's account password, the attack will work with no warning, he wrote.
When Dhanjani contacted Skype, he got no response. But even if the VoIP provider updated its app to seek user permission before making calls and sending messages, Dhanjani still isn't sure users would be best served.
Indeed, Safari asks for permission when encountering the tel scheme, which invokes the iPhone's default phone. But for reasons that remain unexplained Safari doesn't apply the same treatment when third-party schemes are invoked. ®
- · Rackspace debuts OpenStack cloud servers
- · America's broadband adoption challenges
- · EPAM Systems Leverages the Cloud to Enhance Its Global Delivery Model With Nimbula Director
- · Telcom & Data intros emergency VOIP phones
- · Lorton Data Announces Partnership with Krengeltech Through A-Qua⢠Integration into DocuMailer