48
The vulnerability of the iPhone associated with calls to paid numbers
Detection of certain vulnerabilities of any smartphone is only a matter of time. No matter how the creators of smartphones claim that their offspring are immune to hackers, all this is very far from the truth. The recently discovered security flaw in the iPhone is further proof.
Hackers have repeatedly proven that iPhones and iCloud server accounts can be easily hacked. No matter how hard the security staff in the depths of Apple to resist hacker groups, there is always one or two ways to get around all the prohibitions and locks.
This time, the portal PC World published important information about a serious vulnerability of Apple smartphones, which can potentially hit the wallet of their owners. And this vulnerability works ridiculously simple: hackers can place a malicious link on one of the sites on the Network, when you click on which in the browser your smartphone will immediately start calling a certain phone number. If you do not have time to react and do not drop the call, you can fly a considerable amount, because the number, as you understand, is paid.
The vulnerability was discovered by Andrei Nekulaesi, an employee of the company Airtame, which develops streaming technologies. Although in most cases, Safari offers the user a choice of whether to call or not to call the number listed on the page, some third-party apps like Facebook Messenger or Google+ bypass this important step and immediately start dialing.
Given that a malicious link can be sent in the form of an ordinary message, there is a great chance that the user will actually click on it and become poor for a certain amount of money, even without knowing it.
Andrey has found a way in which attackers are able to circumvent iOS bans on making calls without notifying the user. He created a web page containing a certain JavaScript code that immediately transfers the user from link to call to a paid number.
In addition to Facebook Messenger and Google+, Gmail and FaceTime are also affected. The author investigated only a few large applications for vulnerability. If even Google and Apple didn’t anticipate this issue, then what about small studios whose apps can also lead to premium phone calls?
This is what the harmless code of the link looks like when you click on it, the allert will pop up telling you that you can make a call to the number “0000”, but only if you want to.
But this is how the code looks, which bypasses any notifications and immediately begins to dial to the specified number "0000".
So far, neither Google nor Apple has responded to the discovery. But let’s hope that the creators of iOS and Android will take note of this vulnerability and patch this gap in future versions of their operating systems. In the meantime, just be careful when clicking on links from people you don’t know and when visiting sites you don’t trust.
Source:hi-news.ru
Source: /users/1617