
[WEB SECURITY] SPI Labs finds flaws with Avoid iPhone's web dial



The Apple iPhone's Safari web browser has a special feature that allows the user to dial any phone number displayed on a web page simply by tapping the number. SPI Labs has discovered that this feature can be exploited by attackers to perform various attacks, including: 

- Redirecting phone calls placed by the user to different phone numbers of the attacker's choosing

- Tracking phone calls placed by the user

- Manipulating the phone to place a call without the user accepting the confirmation dialog

- Placing the phone into an infinite loop of attempting calls, from which the only escape is to turn off the phone

- Preventing the phone from dialing

These types of attacks can be launched from a malicious website, from a legitimate website that has Cross-Site Scripting vulnerabilities, or as part of a payload of a web application worm. 

For example, an attacker could determine that a specific website visitor "Bob" has called an embarrassing number such as an escort service. An attacker can also trick or force Bob into dialing any other telephone number without his consent, such as a 900-number owned by the attacker or an international number. Finally, an attacker can lock Bob's phone, forcing Bob to either make the call or hard-reset his phone, resulting in possible data loss.

SPI Labs researchers reported these issues to Apple on July 6 and are working with Apple to remediate the problems. However, SPI Labs recognizes the unique urgency of these issues and the large number of people that could be affected. As such, SPI Labs recommends that iPhone users do not use the built-in Safari browser to dial telephone numbers until Apple resolves these issues.

And no, it's not a buffer overflow. I'd be hard pressed to buffer overflow my way out of a Win95 box :-)

Billy Hoffman
--
Lead Researcher, SPI Labs
SPI Dynamics Inc. - http://www.spidynamics.com
Phone:	678-781-4800
Direct:	678-781-4845


Attend SPICON 2.0 - SPI Dynamics' User Conference - and earn CPE credits. 
Sign up today at http://www.spicon2007.com/.

