toggle

AAPL Stock: 132.16 ( + 2.54 )

Printed from http://www.macnn.com

Some iOS apps vulnerable to auto-dialing URLs, developer notes

updated 04:48 pm EDT, Mon August 25, 2014

Major apps identified as culprits

A number of iOS apps -- including Facebook Messenger, Gmail, and Google+ -- have a security vulnerability that could allow malicious parties to force an iPhone to auto-dial, observes Romanian developer Andrei Neculaesei. iOS supports a tel:// URI that can make a call automatically, even though developers are allowed to bypass confirmation prompts for the dialer if they want. Through a vulnerable app and the right web code, a person could potentially be tricked into dialing a toll number. A FaceTime variant could let someone capture images of a person before disconnecting.

Neculaesei suggests that the problem lies with developers and not Apple, since documentation explains the situation and identifies how apps can be configured to display warning prompts. "While I only tested on a few apps which are big names, it is safe to assume that the smaller teams and platform haven't even thought about preventing this," he adds.





by MacNN Staff

toggle

Comments

  1. hayesk

    Professional Poster

    Joined: 09-17-99

    I tested this, and it works. This seems like a bad decision on Apple's part. Who needs this capability?

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

Follow us on Facebook

toggle

Most Popular

Advertisement

Recent Reviews

Notti smart lamp from Witti

Perhaps you've already seen our review of the Dotti LED display from Witti Design. Meet Notti, Dotti's "sibling". Notti is a softb ...

Seagate Personal Cloud (2-Bay)

When it comes to backing up files, many users are now looking to the myriad of cloud storage solutions available. There is no doubt th ...

Leitz Icon Label Printer

When you say the words "label printer" to people, they either just really don't care, or they get incredibly excited. This is one o ...

toggle

Most Commented