In association with heise online

21 November 2008, 09:51

iPhone dials by remote control

The Fraunhofer Institute for Secure Information Technology (SIT) reports it has found a security hole in the iPhone which allows a web page to make the mobile phone dial arbitrary phone numbers. It appears that users can't abort the dialling process; the iPhone no longer responds to the home key and other key inputs.

That the Safari iPhone browser allows phone numbers to be dialled directly via tel: links has been discussed as a potential problem for quite some time. In September 2007, Apple released the iPhone v1.1.1 update in an attempt to stop links from being exploited for unwanted calls – it seems this measure wasn't entirely successful.

Collin Mulliner now appears to have found a new way of bypassing or auto-answering the confirmation dialog. In an interview with heise Security, the expert emphasised that it is not sufficient to disable JavaScript in Safari. He said protection will only be provided by Apple's next firmware update to version 2.2, which has just been published. iPhone users are advised not to click on links contained in emails until they have updated to this version.

