Apple iPhone flaw that allows stealth calls could cost you a fortune

In the past we’ve come across the security loophole in Android that allowed attackers to make hidden calls from the device, and now a new iPhone flaw on similar lines has surfaced. With this flaw, malicious minds could easily make premium calls from the iPhone that could end up costing you a fortune. It could also lead to issues like identity theft.

Andrei Neculaesei, a developer at Airtame, a Copenhagen-based wireless streaming company, has discovered that popular iOS applications come with functionality that can be manipulated to trigger premium-rate calls on an iPhone. Phone numbers appear as links on a mobile device, and tapping one uses a Uniform Resource Identifier (URI) scheme called tel to make a call. This is the hotly debated patent that Apple had accused Samsung of infringing.

Neculaesei wrote in a blog post, “When a user taps a telephone link in a webpage, iOS displays an alert asking if the user really wants to dial the phone number and initiates dialing if the user accepts. When a user opens a URL with the tel scheme in a native app, iOS does not display an alert and initiates dialing without further prompting the user.”

The big problem is that if a user clicks the link within Safari, they get a prompt asking to confirm the action, but in a native app’s webView the phone doesn’t ask and makes the call right away. The flaw isn’t limited to any particular app or developer; it could affect any app, from Gmail and Facebook Messenger to something lesser known. Essentially, any app that can use the tel URI is susceptible.
