Security firm SPI Labs claims to have discovered a threat to the iPhone’s security via the handset’s built-in MobileSafari browser. The company claims that the browser, which features an ability to dial phone numbers found on web sites, can be exploited in the following ways:
- Redirecting a call to a phone number other than the one seen on a given web site.
- Tracking calls to a site visitor.
- Bypassing the confirmation dialog box and forcing the call to continue.
- Preventing the phone from dialing calls altogether.
The firm has offered examples in which a user clicks on a malicious web site, then discovers they’re calling an international number and paying those rates.
According to The Unofficial Apple Weblog, SPI Labs has opted not to disclose the actual nature of the exploit or how to perform it. The company says it has alerted Apple and is cooperating with Apple on how to plug these holes. SPI Labs has also commented that users who are worried about security can simply not use the feature.
If nothing else, the first iPhone software update should prove interesting.
Let us know your comments, ideas and thoughts on this over in the forums.