Friday, August 29, 2014

iPhone Apps Initiating Forced To Place Expensive Calls

iPhone 5
Privacy has been the top most reason that encourages anyone to invest in a smart phone. If you have been in a delusion that you are safe and spying is limited to another area, then beware. iPhone one of the largest selling smart phones seems to have hit a roadblock in form of forced call through their certain apps. This vulnerability can force the apps to place expensive calls or facetime calls.

Usually in any phone and even iPhone, tapping any number will give a pop screen prompting whether you want to make call or not. According to one of the developers, there is serious risk in apps which don’t ask for permission about the same at first. Due to the security lapse, your phone might be forced to make calls just by clicking of links; this will potentially connect your phone to expensive numbers without any prior warning.

Developer Andrei Neculaesei from Copenhagen Company was able to demonstrate the complete process and the security lapse in certain iOS apps. This has proven to work as many apps like Facebook messenger, Google+ and Gmail don’t give any pop-up when a consumer’s taps on any phone number embedded in the site.

“Hello Pretty” tactic 

Andrei stated that he used a very sneaky JavaScript to enable the links in a website, which clicks on by own. When these sites were accessed through various apps apart from Safari, an automatic call was initiated. Apart from incurring money loss, the user might end up communicating to the attackers through live video. This was called Hello Pretty.

Facetime has been facing a lot of problem as the calls are getting initiated by accessing any site through their app. These calls are almost instant. Just image a simple situation, you have just clicked on some link and without you being aware, an automatic calls is placed to an expensive number, where your attacker will be able to save all the details including your looks.

Even though Andrei was able to highlight some of the apps that have got affected by this issue, the entire blame can’t be placed on Apple, as there are apps which have been made available through different developers. Some of developers have not configured their apps to give a pop up with any specific information.

There are many giant names in these developers like Facebook and Google, who have chosen not to use this feature but the growing security issue might prompt them to incorporate these features.

Current update 

Due to the ongoing security issue, Facebook has already started working to get this issue fixed atleast in their apps. There are still many more apps still vulnerable to this issue.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.