Latest in Apple

Image credit:

App security flaw makes your iPhone call without asking

155 Shares
Share
Tweet
Share
Save

Sponsored Links

If you're an iPhone user, you may want to be cautious about opening messages that contain phone numbers in the near future; they may cost you a lot of money. Developer Andrei Neculaesei notes that maliciously coded links in some apps will abuse the "tel" web handler (which covers dialing) to automatically make a phone call the moment you view a message. Potentially, an evildoer could force you to call an expensive toll number before you've had a chance to hang up. The exploit isn't limited to any one app or developer, either. Facebook Messenger, Gmail and Google+ all fall prey to the attack, and it's likely that other, less recognizable apps exhibit similar behavior. Apple's Safari browser will ask you before starting a call, but FaceTime's behavior lets you pull a similar (though not directly related) stunt.

In many cases, it's the developers who are to blame. They're supposed to put tighter controls on what happens when a number comes in, such as giving you a warning. However, Apple could theoretically mitigate the issue by requiring prompts for all phone links. You may not have to worry about a spam flood in practice, but let's hope app writers act quickly -- as Android users have already learned, "tel" exploits can cause a lot of grief if left unchecked.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
155 Shares
Share
Tweet
Share
Save

Popular on Engadget

The 2019 Engadget Holiday Gift Guide

The 2019 Engadget Holiday Gift Guide

View
Steam is holding a sale to celebrate the launch of Remote Play Together

Steam is holding a sale to celebrate the launch of Remote Play Together

View
'Gylt' hands-on: Stadia's first exclusive game is simply spooky

'Gylt' hands-on: Stadia's first exclusive game is simply spooky

View
The 16-inch MacBook Pro has a mysterious 'lid angle sensor'

The 16-inch MacBook Pro has a mysterious 'lid angle sensor'

View
Amazon made big price cuts on its Echo and Fire TV devices for Black Friday

Amazon made big price cuts on its Echo and Fire TV devices for Black Friday

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr