Security breach can force your Apple iPhone to make costly phone calls
Andrei Neculaesei, a developer from Copenhagen company Airtame, has discovered a security flaw that can have your Apple iPhone dialing expensive phone numbers at your expense, without your permission or even your knowledge. An attack can be designed so that every time you visit a certain website, your iPhone reaches into your wallet and makes a very expensive call.
When you tap a phone number link in iOS, you are asked if you want to make the call, right? So how could these expensive calls take place under your nose? Well, the truth is that if the link is opened in a native mobile app, the call can be made without requesting your permission. It is that flaw that is being taken advantage of by the criminals.
For example, let's say that you are on Facebook Messenger. Since this is a native app, there is no prompt asking whether you are sure you want to make a call when you press on a link. To make matters worse, Neculaesei used JavaScript to come up with a way to make the link click itself automatically. Thus, the call is made without you realizing what is going on. And what is going on is a very expensive hit to your bank account, thanks to a call to a premium phone number. The call is made automatically, without your approval, simply by looking at a certain website.
source: RTFMData via PCWorld, TechRadar
The best way to put an end to this thievery is for companies like Facebook and Google to put up the prompts on their sites, to make sure that you do give permission before your phone dials a number obtained from a link in a native mobile app.
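One way an in-app browser could enforce the prompt described above, as an added example (not code from Neculaesei, Facebook or Google). The function name, the `userInitiated` flag supplied by the host app and the scheme lists are assumptions, and the policy goes beyond `tel:` to cover other call and message schemes.

```javascript
// Added example: link policy for an in-app web view. All names are hypothetical.
const WEB_SCHEMES = new Set(["http:", "https:"]);
// Schemes that start a call or message; tel: is the one the article describes.
const CALL_SCHEMES = new Set(["tel:", "sms:", "facetime:", "facetime-audio:"]);

// Decode the dialled target for display in the prompt; fall back to raw text.
function displayTarget(url) {
  try {
    return decodeURIComponent(url.pathname);
  } catch {
    return url.pathname;
  }
}

// rawUrl: the link the page wants to open.
// userInitiated: assumption - the host app reports whether a real tap
// (not page script) started the navigation.
function decideNavigation(rawUrl, { userInitiated }) {
  let url;
  try {
    // The WHATWG parser lowercases the scheme and strips stray whitespace,
    // so "TEL:" or " tel:" cannot slip past a string comparison.
    url = new URL(rawUrl);
  } catch {
    return { action: "block", reason: "unparseable URL" };
  }
  if (WEB_SCHEMES.has(url.protocol)) {
    return { action: "allow", reason: "ordinary web navigation" };
  }
  if (CALL_SCHEMES.has(url.protocol)) {
    if (!userInitiated) {
      return { action: "block", reason: "call link opened without a tap" };
    }
    // Never dial directly: hand the number to a native confirmation dialog.
    return { action: "confirm", reason: "call needs consent", target: displayTarget(url) };
  }
  return { action: "block", reason: "scheme not on allowlist" };
}

// Constructed sample links (placeholder numbers).
const samples = [
  ["https://example.com/", true],
  ["tel:+4500000000", true],
  [" TEL:0900000000", false],
];
for (const [link, tapped] of samples) {
  console.log(JSON.stringify(link), tapped, decideNavigation(link, { userInitiated: tapped }));
}
```

The host app acts on `action`: `confirm` means showing the decoded `target` in a native dialog and dialing only after the user agrees.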