toggle

AAPL Stock: 110.37 ( -1.97 )

Printed from http://www.macnn.com

Some iOS apps vulnerable to auto-dialing URLs, developer notes

updated 04:48 pm EDT, Mon August 25, 2014

Major apps identified as culprits

A number of iOS apps -- including Facebook Messenger, Gmail, and Google+ -- have a security vulnerability that could allow malicious parties to force an iPhone to auto-dial, observes Romanian developer Andrei Neculaesei. iOS supports a tel:// URI that can make a call automatically, even though developers are allowed to bypass confirmation prompts for the dialer if they want. Through a vulnerable app and the right web code, a person could potentially be tricked into dialing a toll number. A FaceTime variant could let someone capture images of a person before disconnecting.

Neculaesei suggests that the problem lies with developers and not Apple, since documentation explains the situation and identifies how apps can be configured to display warning prompts. "While I only tested on a few apps which are big names, it is safe to assume that the smaller teams and platform haven't even thought about preventing this," he adds.





by MacNN Staff

toggle

Comments

  1. hayesk

    Professional Poster

    Joined: 09-17-99

    I tested this, and it works. This seems like a bad decision on Apple's part. Who needs this capability?

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

Follow us on Facebook

toggle

Most Popular

Advertisement

Recent Reviews

Blue Yeti Studio

Despite being very familiar with Blue Microphones' lower-end products -- we've long recommended the company's Snowball line of mics ...

ZTE Spro 2 Smart Projector

Home theaters are becoming more and more accessible these days, but maybe you've been a bit wary about buying a home projector. And h ...

MSI Geforce GTX 970 100ME

When Nvidia announced a new line of video cards in September 2014, many people thought things would continue to be business as usual i ...

toggle

Most Commented