Here’s yet another way that bad guys can use your smartphone to do nasty things. A Copenhagen-based developer has just discovered a simple way to automatically make your phone dial expensive numbers.
Let’s say you’re browsing the web in Safari on your iPhone and see a number. Safari presents the number to you as a link that you can instantly tap on. You then get a pop-up asking you if you want to place the call.
Andrei Neculaesei, a developer with wireless streaming company Airtame, discovered that even though Safari asks for the user’s confirmation before placing a call, most big-name apps like Facebook Messenger and Google+ will simply go ahead and make the call without asking for the user’s permission. PC World describes how his method works:
He found a malicious way to abuse the behaviour. He created a Web page containing JavaScript that caused a mobile application to trigger a call after someone merely viewed the page.
It turns out that, besides Facebook Messenger and Google+, Gmail and FaceTime are also vulnerable to this. Check out Neculaesei’s complete blog post on his website, where he goes into more detail. Yes, you should be worried. [PC World]
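
The confirmation step that Safari has and the affected apps lack could look like this inside an app's embedded web view. This is an added example, not code from Neculaesei's post or from any of the apps named above. It assumes the call is requested through a tel:, facetime: or facetime-audio: link; decideNavigation, userGesture and the sample URLs are hypothetical.

```javascript
// Added example: navigation policy for an in-app web view (hypothetical host app).
// Assumption: the app calls decideNavigation() before handing any URL to the OS,
// and can tell whether the navigation came from a user tap (userGesture).
const WEB_SCHEMES = new Set(['http:', 'https:']);
const CALL_SCHEMES = new Set(['tel:', 'facetime:', 'facetime-audio:']);
const PHONE = /^\+?[0-9][0-9().-]{1,30}$/;  // digits and common separators only
const EMAIL = /^[^\s@\/]+@[^\s@\/]+$/;       // FaceTime targets may be addresses

function decideNavigation(rawUrl, { userGesture = false } = {}) {
  let scheme;
  try {
    scheme = new URL(rawUrl).protocol;        // normalises case and whitespace
  } catch {
    return { action: 'block', reason: 'unparseable URL' };
  }
  if (WEB_SCHEMES.has(scheme)) return { action: 'allow' };
  if (!CALL_SCHEMES.has(scheme)) {
    return { action: 'block', reason: `scheme ${scheme} not handled` };
  }
  // Script-driven loads (redirects, location changes, frames) arrive with no tap.
  if (!userGesture) {
    return { action: 'block', reason: 'call link opened without a tap' };
  }
  const raw = rawUrl.trim();
  const target = raw.slice(raw.indexOf(':') + 1).replace(/^\/+/, '').split(/[?#]/)[0];
  const ok = PHONE.test(target) || (scheme !== 'tel:' && EMAIL.test(target));
  if (!ok) return { action: 'block', reason: 'unrecognised call target' };
  // Never dial directly: the caller must show `target` and wait for consent.
  return { action: 'confirm', scheme, target };
}

// Constructed sample navigations, not captured traffic.
const samples = [
  ['https://example.com/page', true],
  ['tel:+4500000000', false],                 // fired by page script on load
  ['tel:+4500000000', true],                  // tapped link
  ['FaceTime-Audio://user@example.com', true],
  ['tel:12345abc', true],                     // malformed target
];
for (const [url, tap] of samples) {
  console.log(url, '->', JSON.stringify(decideNavigation(url, { userGesture: tap })));
}
```

The function never returns a "dial now" result for a call scheme: the best outcome is `confirm`, which leaves the actual call behind a prompt showing the exact target.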