Alert: Don't use iPhone Web dialer

Welcome to our Community
Wanting to join the rest of our members? Feel free to sign up today.
Sign up

lilo

New Member
Bronze
Jul 2, 2007
66
0
0
#1
Quote:

Attackers could exploit a bug in this feature to trick a victim into making phone calls to expensive "900" numbers or even keep track of phone calls made by the victim over the Web, said Billy Hoffman, lead researcher with SPI Labs. The iPhone could even be stopped from dialing out, or set to dial out endlessly, he said.

"Because this vulnerability can be launched from Web sites, everybody who has an iPhone has the potential to get exploited," Hoffman said .

Details here: http://www.infoworld.com/article/07/07/16/Security-firm-says-to-not-use-iphone-Web-dialer_1.html
 

Silverado

New Member
Bronze
Jul 6, 2007
332
0
0
#2
I think the article goes WAY too far in recommending that we don't use the feature at all. The phone always asks you to confirm that you want to dial the number before dialing. The recommendation should be to review the number before confirming when using unknown sites.
 

spacerog

New Member
Bronze
Jun 11, 2007
463
0
0
www.spacerogue.net
#3
In order for the attack to work, the bad guys would have to either trick iPhone users into visiting a malicious Web site or make a legitimate Web site send untrustworthy information to the iPhone using what's known as a cross-site scripting attack.

SPI is not releasing detailed information on how the Web dialing feature could be exploited

Whatever, I'm not worried. Sounds like a pretty remote hole. I haven't even used this feature yet at all. I don't see how anything on a web page could prevent the phone dialing out. Worst case just reset the phone, that should fix it.

- SR