iPhone browser dialing found to be security threat
is claiming to have discovered a fairly significant threat to iPhone security due to MobileSafari's ability to dial phone numbers found on web pages. The feature can apparently be exploited in various ways, such as redirecting the actual call to a number other than what is viewed on the webpage, tracking calls placed by a site visitor, bypassing the confirmation dialog and forcing the call to continue and even preventing the phone from dialing calls altogether. Imagine clicking on a local number for a restaurant on a malicious website, only to discover you're actually calling an international number and, perhaps more importantly, paying international calling rates.
While SPI Labs has rightly chosen not to disclose the actual nature of the exploit and how to perform it, they do state that they have alerted Apple and are cooperating to plug these holes. If these security threats worry you, SPI Labs recommends that users simply don't use this feature for now. Ultimately, it is probably a safe bet that Apple is working quickly to plug security issues like this and other bugs for a future software update that will be delivered (hopefully) soon.
Thanks Eliot!
