Apple has been working on fixing an issue with the iPhone's native Safari web browser, where dialing a number from a page displayed in Safari could be exploited.
Safari Calls On iPhone Endanger Users
Though SPI Dynamics reported the problem to Apple on July 6, the security company felt the Safari flaw required it to go public with the issues it has discovered.
Researchers at the company's SPI Labs found a host of problems that could arise from using Safari's native click-to-call feature on the iPhone. The feature allows the user to tap a phone number on the screen to have the iPhone dial it automatically.
However, peril lines the road to such convenience. SPI Labs detailed what could go wrong very quickly if attackers exploit the Safari feature:
• Redirecting phone calls placed by the user to different phone numbers of the attacker's choosing
• Tracking phone calls placed by the user
• Manipulating the phone to place a call without the user accepting the confirmation dialog
• Placing the phone into an infinite loop of attempting calls, through which the only escape is to turn off the phone
• Preventing the phone from dialing
Any of these attacks will be unacceptable to iPhone users. SPI Labs recommended that no one use Safari's dialing capability until Apple provides a fix for the browser.
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.