iPhone Flaw Can Reportedly Be Exploited to Automatically Make Calls

Advertisement
By NDTV Correspondent | Updated: 25 August 2014 12:48 IST
A potential flaw in the way Apple makes life easier for users and app developers could be exploited to force devices to automatically make premium calls, inflating the phone bills of victims and, in some cases, stealing their identities.

Apple allows apps to make phone calls when a user taps a number on screen, by identifying actionable text with tags called URIs (Uniform Resource Identifiers). Calls can be placed without a confirmation dialog popping up when the scheme is used within apps. Such functionality was designed for search and listings apps. However, it has also been used for messaging and communications apps, such that when a person sends someone else a phone number, the recipient can tap it to call it.

Security researcher Andrei Neculaesei has now demonstrated that attackers can abuse the "tel:" URI scheme by packaging JavaScript along with the target URI which automatically executes the call without waiting for a user to tap anything. With no an OS-level warning in place, an attacker could force phones to dial premium numbers which are instantly picked up on the receiving end, and collect money which would be charged to the victims' phone bills.

An attacker would only have to send out spam messages with a disguised URL to the manipulated code for the scheme to work. In a post to his website, reported by Engadget, Neculaesei demonstrates the flaw at work in the Facebook Messenger, Gmail and Google+ apps running on an iPhone. Dozens of similar apps might be similarly vulnerable

Rather than blame Apple exclusively, Neculaesei blames the app developers for using the tel: URI irresponsibly. The exact design of the scheme is documented by Apple, and an alternative which forces a prompt, telprompt:, also exists. Apple's URI implementation is meant to give app developers options so that users are not inconvenienced by confirmation dialogs for every call they try to place through an app's interface.

The feature (or bug) takes on a more serious tone when used to trigger FaceTime calls. Users could be tricked into placing video calls which are picked up instantly, at which point screenshots of their faces could be saved without their knowledge.

While the problem is not the result of a traditional security flaw or bug, Apple could force prompts in all cases to mitigate the issue, although this would annoy users.
Post your comments

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Further reading: Apple, Facebook, Gmail, Google, iOS, iOS security, iPhone, iPhone security, scam
Intex Cloud FX Firefox OS Smartphone Launched at Rs. 1,999
Hackers Target Games to Find Ways to Cheat
Advertisement

Related Stories

Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Vivo V70 Lite 5G Silently Launched in Select Markets With These Features
  2. Vivo Y31s Launched in Malaysia With These Features
  3. How to Watch WWDC 2026 Live on YouTube, Apple TV, and More
  4. New Leak Shows Us What Apple's Foldable iPhone Might Look Like
  5. Redmi Turbo 5 Confirmed to Launch in India With This Rear Camera Setup
  6. iQOO Neo 12 Tipped to Offer Major Display Upgrade Over Predecessor
  7. Vivo X300 FE, iQOO 15R and More Discounted During Amazon Mega Deal Days Sale
  8. OnePlus Could Launch a New Budget Smartphone Lineup in India Soon
  9. Redmi K100 May Bring Wireless Charging to Vanilla K-Series Models
  10. Samsung Galaxy S27 Pro's Battery May Match the One on the Galaxy S26 Ultra
#Latest Stories
  1. Apple Unveils iOS 27 at WWDC 2026: Revamped Siri App, Faster Performance and Liquid Glass Upgrades
  2. WWDC 2026: Apple Launches macOS 27 Golden Gate With Major Siri Redesign and New AI Tools
  3. Astrophotographer Captures Giant Human-Shaped Solar Prominence
  4. Samsung Galaxy S26 FE Said to Ditch Matte Finish for a Glossy Rear Panel
  5. OnePlus N Series Tipped to Launch in India Next Month, Could Be More Affordable Than the OnePlus Nord CE 6 Lite
  6. Vivo Y31s 5G Launched With Snapdragon 4 Gen 2 Chip, 6,500mAh Battery: Price, Specifications
  7. Chinese Court Classifies Bitcoin as Property in Case Involving 107 BTC Theft
  8. Resident Evil Veronica Revealed at Summer Game Fest; Launch Set for 2027
  9. Karuppu OTT Release: When and Where to Watch Suriya’s Fantasy Action Drama Online
  10. iQOO Neo 12 Said to Bring Major Display Upgrade With Up to 185Hz Refresh Rate
Gadgets 360 is available in
Follow Us
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.