Here’s yet another way that bad guys can use your smartphone to do nasty things. A Copenhagen-based developer has just discovered a simple way to automatically make your phone dial expensive numbers.
Andrei Neculaesei, a developer with wireless streaming company Airtame, discovered that even though Safari asked for a user’s confirmation to place a call, most big-name apps like Facebook Messenger and Google+ will simply go ahead and make the call without asking for the user’s permission. PC World describes how his method works:
He found a malicious way to abuse the behaviour. He created a Web page containing JavaScript that caused a mobile application to trigger a call after someone merely viewed the page.
Turns out that besides Facebook Messenger and Google+, Gmail and FaceTime too are vulnerable to this. Check out Neculaesei’s complete blog post on his website where he goes into more detail. Yes, you should be worried. [PC World]