Click to Skip Ad
Closing in...

Big security flaw that could cost you a fortune found in iPhone

Published Aug 22nd, 2014 2:05PM EDT
iPhone Security Flaw

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

Remember that big security flaw in Android that could allow nefarious sites to trigger phone calls to premium-rate phone numbers, potentially costing you huge amounts of money before you even realize something is wrong? Well, it turns out that a similar flaw exists in iOS, and iPhone users are at risk as well.

Andrei Neculaesei, a developer at Copenhagen-based wireless streaming company Airtame, has discovered that many popular iOS applications include functionality that could be exploited to trigger premium-rate calls on any iPhone.

“When a user taps a telephone link in a webpage, iOS displays an alert asking if the user really wants to dial the phone number and initiates dialing if the user accepts,” Neculaesei wrote in a post on his blog. “When a user opens a URL with the tel scheme in a native app, iOS does not display an alert and initiates dialing without further prompting the user.”

He continued, “So if I click the link in Safari I get the prompt asking me to confirm my action, if I click the link in a native app’s webView it doesn’t ask and performs the action right away (makes the call).”

Neculaesei noted that hugely popular apps including Facebook, Twitter, Google, LinkedIn, Facebook Messenger and Google+, Gmail and FaceTime are all vulnerable to this flaw.

Zach Epstein
Zach Epstein Executive Editor

Zach Epstein has been the Executive Editor at BGR for more than 15 years. He manages BGR’s editorial team and ensures that best practices are adhered to. He also oversees the Ecommerce team and directs the daily flow of all content. Zach first joined BGR in 2007 as a Staff Writer covering business, technology, and entertainment.

His work has been quoted by countless top news organizations, and he was recently named one of the world's top 10 “power mobile influencers” by Forbes. Prior to BGR, Zach worked as an executive in marketing and business development with two private telcos.