Security breach can force your Apple iPhone to make costly phone calls

Andrei Neculaesei, a developer from Copenhagen company Airtame, has discovered a security flaw that can make your Apple iPhone dial expensive phone numbers at your expense, without your permission or even your knowledge. An attack can be set up so that every time you visit a certain website, your iPhone reaches into your wallet by placing a very expensive call.

When you tap a phone number link in iOS, you are asked whether you want to make the call, right? So how could these expensive calls take place under your nose? Well, the truth is that if the link is opened inside a native mobile app, the call can be made without requesting your permission. It is that flaw that is being taken advantage of by criminals.

For example, let's say that you are on Facebook Messenger. Since this is a native app, there is no prompt asking whether you are sure you want to make a call when you press a link. To make matters worse, Neculaesei used JavaScript to come up with a way to make the link click itself automatically. Thus, the call is made without you realizing what is going on. And what is going on is a very expensive hit to your bank account, thanks to a call to a premium phone number. The call is made automatically, without your approval, simply by looking at a certain website.

The best way to put an end to this thievery, is for companies like Facebook and Google to put up the prompts on their sites just to make sure that you do give permission for your phone to dial a number obtained from a link on a native mobile app.
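One way a native app could add the confirmation prompt described above is to intercept call links in its embedded web view. This is an added example, not code from the article, the researcher, or any of the apps named; the class name `ConfirmingNavigationDelegate` is hypothetical, and the FaceTime schemes in the list go beyond the plain phone links the article discusses.

```swift
import UIKit
import WebKit

// Added example: navigation delegate for an in-app WKWebView that never lets
// page content start a call without an explicit confirmation from the user.
final class ConfirmingNavigationDelegate: NSObject, WKNavigationDelegate {
    // URL schemes that leave the web view and start a call.
    // "tel" is the case in the article; the FaceTime entries are an assumption.
    private let callSchemes: Set<String> = ["tel", "facetime", "facetime-audio"]
    private weak var presenter: UIViewController?

    init(presenter: UIViewController) {
        self.presenter = presenter
    }

    func webView(_ webView: WKWebView,
                 decidePolicyFor navigationAction: WKNavigationAction,
                 decisionHandler: @escaping (WKNavigationActionPolicy) -> Void) {
        guard let url = navigationAction.request.url,
              let scheme = url.scheme?.lowercased(),
              callSchemes.contains(scheme) else {
            decisionHandler(.allow)          // ordinary web navigation
            return
        }

        // The web view itself never follows a call link, whether the click
        // came from the user or was triggered by script on the page.
        decisionHandler(.cancel)

        // Show the exact destination so a premium number is visible before dialing.
        let alert = UIAlertController(title: "Place this call?",
                                      message: url.absoluteString,
                                      preferredStyle: .alert)
        alert.addAction(UIAlertAction(title: "Cancel", style: .cancel))
        alert.addAction(UIAlertAction(title: "Call", style: .default) { _ in
            // Only an explicit tap on "Call" hands the URL to the system.
            UIApplication.shared.open(url)
        })
        presenter?.present(alert, animated: true)
    }
}
```

The app assigns an instance to the web view's `navigationDelegate` and keeps a strong reference to it, since that property is weak.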

source: RTFMData via PCWorld, TechRadar


58 Comments

1. register unregistered

And people bash Android for security problems. Even so called 'secured' OS has security problems.

2. xperiaDROID

Posts: 5629; Member since: Mar 08, 2013

The only secured OS is BlackBerry. iOS? NSA has got you covered.

54. JakeLee

Posts: 1021; Member since: Nov 02, 2013

Android? EVERYONE has got you covered.

3. Ashoaib

Posts: 3260; Member since: Nov 15, 2013

iphone and ios is simply a crap or simply a trash or garbage... only victims of ipropaganda can say something good about it and I know after my comment many ivictims will come running... just watch

4. dushyant

Posts: 94; Member since: Mar 14, 2011

You seem butt hurt.

7. Jinto

Posts: 436; Member since: Jan 15, 2014

You seem high on Apples

11. Droid_X_Doug

Posts: 5993; Member since: Dec 22, 2010

Or drunk on iKool-Aide.

17. neela_akaash

Posts: 1239; Member since: Aug 05, 2014

Wow! iOS fanboys must have an explanation for this...

18. Ninetysix

Posts: 2933; Member since: Oct 08, 2012

RTFA? "The best way to put an end to this thievery, is for companies like Facebook and Google" Facebook and Google and Google Google ^^^^^^^^^

20. PapaSmurf

Posts: 10457; Member since: May 14, 2012

I don't think anyone ever reads the last paragraph unfortunately.

30. Ashoaib

Posts: 3260; Member since: Nov 15, 2013

as a matter of fact we did but that's not a point to say something against iphone... we found what we needed and above comment is an example... if we take last paragraph, why google and facebook will fix their sites to fix this issue? it's Apple's OS which is weak to let it happen

21. neela_akaash

Posts: 1239; Member since: Aug 05, 2014

The point is, so called Most secured and most advanced os is so vulnerable....

34. 0xFFFF

Posts: 3806; Member since: Apr 16, 2014

"The point is, so called Most secured and most advanced os is so vulnerable...." You are exactly right. This is the real point that people should understand. The NSA -- which knows a thing or two about security -- just laughed at the so-called "security" of the iPhone and called its users "iZombies". So this problem is not surprising. I mean what security problem would be surprising? Apple builds backdoor APIs into the phone so they can bypass all security and just copy all the files off the phone. Apple "security" is a joke.

29. RebelwithoutaClue

Posts: 5485; Member since: Apr 05, 2013

Companies LIKE... that doesn't mean they are the only culprits in this case. It means more companies/websites need to adjust these settings.

39. neela_akaash

Posts: 1239; Member since: Aug 05, 2014

I think you should not use any services from Google. Not even their search engine...

43. Ninetysix

Posts: 2933; Member since: Oct 08, 2012

I'll go ahead and do that on my Galaxy S4.

5. AfterShock

Posts: 4146; Member since: Nov 02, 2012

Wouldn't the best way be, OEM just fix their crap?

6. buccob

Posts: 2949; Member since: Jun 19, 2012

I agree, the fix should come from Apple's way of managing phone calls... Or at least a joined solution.

25. Doakie

Posts: 2470; Member since: May 06, 2009

"The best way to put an end to this thievery, is for companies like Facebook and Google to put up the prompts on their sites just to make sure that you do give permission for your phone to dial a number obtained from a link on a native mobile app." Yeah.... So it's the website companies responsibility to modify their website because of an iOS flaw? Totally illogical.

8. TheMan

Posts: 494; Member since: Sep 21, 2012

An old scam updated.

9. BobbyDigital

Posts: 2124; Member since: May 29, 2014

More of that great iPhone security!

10. Vexify

Posts: 570; Member since: Jun 16, 2014

This has been proven false many times over the past months, both on recent versions (last 2 years ) of iOS and Android. This happened on very old firmwares. PA should get their stuff together.

26. tedkord

Posts: 17094; Member since: Jun 17, 2009

Well, it's just been proven true, so apparently not.

49. Vexify

Posts: 570; Member since: Jun 16, 2014

Ok brb while I write to PA saying I discovered malware that causes your Android and iOS phones to overheat and blow up. There you go. Proven true. Tedkord logic

51. AfterShock

Posts: 4146; Member since: Nov 02, 2012

You hurtin. source: RTFMData via PCWorld, TechRadar Kind of a difference in source or Sauce sourcing.

12. Mxyzptlk unregistered

There goes the hive mind hating in full force.

27. tedkord

Posts: 17094; Member since: Jun 17, 2009

Yeah, if only people would remain impartial and not troll, like you, right? /s

31. Mxyzptlk unregistered

Like you right?

41. BobbyDigital

Posts: 2124; Member since: May 29, 2014

Like you when you troll BlackBerry and Android articles right?

50. Mxyzptlk unregistered

I don't.

* Some comments have been hidden, because they don't meet the discussions rules.
