iPhone Flaw Can Reportedly Be Exploited to Automatically Make Calls

Advertisement
By NDTV Correspondent | Updated: 25 August 2014 12:48 IST
A potential flaw in the way Apple makes life easier for users and app developers could be exploited to force devices to automatically make premium calls, inflating the phone bills of victims and, in some cases, stealing their identities.

Apple allows apps to make phone calls when a user taps a number on screen, by identifying actionable text with tags called URIs (Uniform Resource Identifiers). Calls can be placed without a confirmation dialog popping up when the scheme is used within apps. Such functionality was designed for search and listings apps. However, it has also been used for messaging and communications apps, such that when a person sends someone else a phone number, the recipient can tap it to call it.

Security researcher Andrei Neculaesei has now demonstrated that attackers can abuse the "tel:" URI scheme by packaging JavaScript along with the target URI which automatically executes the call without waiting for a user to tap anything. With no an OS-level warning in place, an attacker could force phones to dial premium numbers which are instantly picked up on the receiving end, and collect money which would be charged to the victims' phone bills.

An attacker would only have to send out spam messages with a disguised URL to the manipulated code for the scheme to work. In a post to his website, reported by Engadget, Neculaesei demonstrates the flaw at work in the Facebook Messenger, Gmail and Google+ apps running on an iPhone. Dozens of similar apps might be similarly vulnerable

Rather than blame Apple exclusively, Neculaesei blames the app developers for using the tel: URI irresponsibly. The exact design of the scheme is documented by Apple, and an alternative which forces a prompt, telprompt:, also exists. Apple's URI implementation is meant to give app developers options so that users are not inconvenienced by confirmation dialogs for every call they try to place through an app's interface.

The feature (or bug) takes on a more serious tone when used to trigger FaceTime calls. Users could be tricked into placing video calls which are picked up instantly, at which point screenshots of their faces could be saved without their knowledge.

While the problem is not the result of a traditional security flaw or bug, Apple could force prompts in all cases to mitigate the issue, although this would annoy users.
Post your comments

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Further reading: Apple, Facebook, Gmail, Google, iOS, iOS security, iPhone, iPhone security, scam
Intex Cloud FX Firefox OS Smartphone Launched at Rs. 1,999
Hackers Target Games to Find Ways to Cheat
Advertisement

Related Stories

Apple’s FaceTime Reportedly Blocked in Russia Alongside Snapchat’s Video Calling Feature
5 December 2025
Apple Announces App Store Awards 2025 Winners; Top Apps Include Tiimo, Cyberpunk 2077: Ultimate Edition, and More
5 December 2025
Apple’s Design Chief Responsible for Liquid Glass UI Reportedly Departs to Join Meta
4 December 2025
iOS 26.2 Release Candidate Update Rolls Out to Beta Testers as Apple Prompts Users to Upgrade to iOS 26
4 December 2025
iPhone 17e Expected to Arrive With Thinner Bezels Alongside Dynamic Island: Report
4 December 2025
Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. ACT Fibernet Launches New Broadband Plans With Free OTT Subscriptions
  2. OnePlus 15R Surfaces on Benchmarking Site Ahead of India Launch
  3. Motorola Edge 70 With Pantone's 2026 Colour, Swarovski Crystals Launched
  4. Flipkart Buy Buy 2025 Sale: Nothing Phone 3, Phone 3a Deals Revealed
  5. Flipkart Buy Buy 2025 Sale With Discounts on iPhone 16 Begins on This Date
  6. Realme Watch 5 Launched in India With Up to 16-Day Battery Life: See Price
  7. Xiaomi May Launch This Tri-Fold Phone to Rival the Samsung Galaxy Z TriFold
  8. FaceTime, Snapchat Video Calls Have Reportedly Been Blocked in Russia
  9. HMD 101, HMD 100 With Built-In Radio Launched in India at These Prices
  10. Realme Says It Will Launch Two New Narzo Smartphones in India Soon
#Latest Stories
  1. NotebookLM App Gets an In-Built Camera, Lets Users Upload Images as a Source
  2. HMD 101 Launched in India With 1,000mAh Battery, Auto Call Recording Alongside HMD 100: Price, Features
  3. Crypto Traders Await US Fed Signals as Bitcoin Price Drops to $91,900
  4. Nothing Phone 3a Lite Goes on Sale in India: See Price, Offers, Availability
  5. Realme Narzo Phones Confirmed to Launch in India Soon via Amazon
  6. Samsung Galaxy Watch Ultra 2 Launch Timeline Leaked; Could Debut Alongside Samsung Galaxy Watch 9
  7. Samsung Galaxy S26 Series May Get Exynos 2600 Chipset Exclusively in South Korea: Report
  8. Apple’s FaceTime Reportedly Blocked in Russia Alongside Snapchat’s Video Calling Feature
  9. Anthropic Releases New Claude Tool That Interviews Users About Their AI Usage
  10. ACT Fibernet Launches Revamped Broadband Plans Starting at Rs. 499
Gadgets 360 is available in
Follow Us
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.