Friday, November 11, 2016

iOS bug allows repeated calling of a number as you press a link

I know it will be hard to steer clear of this one, but there is a bug on iOS that lets an attacker repeatedly call a number from your iPhone, with little chance of you stopping it in time.

This bug has already led to the arrest of a teenager who nearly shut down emergency services with hundreds of repeated calls to 911, but the trick can be used for more than just that.

The attack abuses the feature that lets you call a number by tapping a link on a web page: the page uses JavaScript to refresh itself and/or open multiple apps, which freezes the iOS interface for a while and prevents you from cancelling the call. Stranger still, Apple fixed this bug a long time ago (on iOS 3) but forgot to do the same for WebViews, the component iOS apps use whenever they want to show a web page.
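For app developers, the practical defence on the WebView side is to stop page content from dialing on its own. The Swift snippet below is an added example, not code from the original post or from Apple: it assumes an app that hosts pages in a WKWebView and sets itself as the navigation delegate, intercepts tel: and related navigations there, ignores repeated requests arriving within a few seconds of each other (the refresh loop described above), and only hands the number to the dialer after the user confirms.

```swift
import UIKit
import WebKit

// Added mitigation example (assumed app structure, not from the original post):
// a view controller that hosts web content in a WKWebView and refuses to let
// the page start a call without an explicit user confirmation.
final class SafeWebViewController: UIViewController, WKNavigationDelegate {
    private let webView = WKWebView()

    // Schemes that leave the app and start a call when WebKit is allowed to follow them.
    private let callSchemes: Set<String> = ["tel", "telprompt", "facetime", "facetime-audio"]

    // Throttle: a page reloading itself in a loop must not be able to stack prompts.
    private var lastCallPromptAt: Date?
    private let minimumSecondsBetweenPrompts: TimeInterval = 5

    override func viewDidLoad() {
        super.viewDidLoad()
        webView.navigationDelegate = self
        webView.frame = view.bounds
        view.addSubview(webView)
    }

    func webView(_ webView: WKWebView,
                 decidePolicyFor navigationAction: WKNavigationAction,
                 decisionHandler: @escaping (WKNavigationActionPolicy) -> Void) {
        guard let url = navigationAction.request.url,
              let scheme = url.scheme?.lowercased() else {
            decisionHandler(.cancel)
            return
        }

        if callSchemes.contains(scheme) {
            // Never let WebKit dial on its own; decide in our own code instead.
            decisionHandler(.cancel)
            confirmCall(to: url)
            return
        }
        decisionHandler(.allow)
    }

    private func confirmCall(to url: URL) {
        let now = Date()
        // Drop the request if a prompt is already on screen or one was shown very recently.
        if presentedViewController != nil {
            return
        }
        if let last = lastCallPromptAt, now.timeIntervalSince(last) < minimumSecondsBetweenPrompts {
            return
        }
        lastCallPromptAt = now

        let number = url.absoluteString.replacingOccurrences(of: "\(url.scheme ?? ""):", with: "")
        let alert = UIAlertController(title: "Call \(number)?",
                                      message: "This page wants to place a phone call.",
                                      preferredStyle: .alert)
        alert.addAction(UIAlertAction(title: "Cancel", style: .cancel))
        alert.addAction(UIAlertAction(title: "Call", style: .default) { _ in
            // Only after a deliberate tap on "Call" does the number reach the system dialer.
            UIApplication.shared.open(url, options: [:], completionHandler: nil)
        })
        present(alert, animated: true)
    }
}
```

Cancelling the navigation in the delegate is what matters: once WebKit is allowed to follow a tel: URL the call starts immediately, so the confirmation has to happen before `decisionHandler(.allow)` would ever be reached, and the throttle keeps a self-reloading page from re-opening the prompt the moment it is dismissed.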

Besides calling an emergency number, the same attack could be used more selectively against targeted people, forcing their phones to call a number under the attacker's control in order to harvest their phone numbers for harassment or phone-based phishing attacks.

Apple should quickly sort this out in an iOS minor update, but until then be aware of what you tap on your iPhone.

