iPhone danger warning
p2pnet news | mobiles:- iPhone users shouldn’t make online calls from the Safari browser, warns Billy Hoffman, lead researcher at SPI Labs.
The iPhone’s Safari web browser allows users to dial any phone number shown on a web page simply by tapping the number, says the SPI laboratory blog.
But, “SPI Labs has discovered that this feature can be exploited by attackers to perform various attacks,” says Hoffman, going on the attacks can include:
- Redirecting phone calls placed by the user to different phone numbers of the attacker’s choosing
- Tracking phone calls placed by the user
- Manipulating the phone to place a call without the user accepting the confirmation dialog
- Placing the phone into an infinite loop of attempting calls, through which the only escape is to turn off the phone
- Preventing the phone from dialing
“These types of attacks can be launched from a malicious website, from a legitimate website that has Cross-Site Scripting vulnerabilities, or as part of a payload of a web application worm,” says the SPI alert, adding:
“SPI Labs researchers reported these issues to Apple on July 6 and are working with Apple to remediate the problems.
“However, SPI Labs recognizes the unique urgency of these issues and the large number of people that could be affected. As such, SPI Labs recommends that iPhone users do not use the built-in Safari browser to dial telephone numbers until Apple resolves these issues.”
Also See:
SPI laboratory blog – SPI Labs advises avoiding iPhone feature, July 16, 2007
Use free p2pnet newsfeeds for your site. It’s really easy!
Subscribe to p2pnet.net | | rss feed: http://p2pnet.net/p2p.rss | | Mobile – http://p2pnet.net/index-wml.php
Net access blocked by government restrictions? Use Psiphon from the Citizen Lab at the University of Toronto. Go here for details. Download here.
