toggle

AAPL Stock: 128.46 ( -1.96 )

Printed from http://www.macnn.com

Some iOS apps vulnerable to auto-dialing URLs, developer notes

updated 04:48 pm EDT, Mon August 25, 2014

Major apps identified as culprits

A number of iOS apps -- including Facebook Messenger, Gmail, and Google+ -- have a security vulnerability that could allow malicious parties to force an iPhone to auto-dial, observes Romanian developer Andrei Neculaesei. iOS supports a tel:// URI that can make a call automatically, even though developers are allowed to bypass confirmation prompts for the dialer if they want. Through a vulnerable app and the right web code, a person could potentially be tricked into dialing a toll number. A FaceTime variant could let someone capture images of a person before disconnecting.

Neculaesei suggests that the problem lies with developers and not Apple, since documentation explains the situation and identifies how apps can be configured to display warning prompts. "While I only tested on a few apps which are big names, it is safe to assume that the smaller teams and platform haven't even thought about preventing this," he adds.





by MacNN Staff

toggle

Comments

  1. hayesk

    Professional Poster

    Joined: 09-17-99

    I tested this, and it works. This seems like a bad decision on Apple's part. Who needs this capability?

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Advertisement

Recent Reviews

Moshi iVisor AG and XT for iPad Air 2

Have you ever tried to put in a screen protector that relies on static to cling to the screen? How many bubbles and wrinkles does it h ...

OmniPlan (OS X, iOS)

We reviewed the Omni Group's most famous Mac software, a To Do app called OmniFocus, back in June 2014, and we were impressed. Some o ...

Epson PowerLite Home Cinema 3500 projector

Trying to find the perfect projector for a home theater can be tricky, as there are bountiful options on the market from a large numbe ...

toggle

Most Commented