Support Our Site
Get Better Gear!
- ifrogz Luxe EarPollution Microbud Earphones with Mic from ifrogz, $24.99
- iRingPro iPhone ringtones from Hladecek, US$9.95 per pack
- Retro Recorder 1.1.1 from McDSP, $2.99
- Voi! Lorem™ iPhone case from eNcipient, LLC, US$24.95
- YAPPER from SachManya, $499
Premier Sponsors
Top 5 Free Apps
iTunes New Music Releases
Top 5 Paid Apps
Discover New Music
- World Party
- The Damned
- Punk rock is mostly associated with three chords and a bad attitude, but the Damned were one of the few bands of the era bent on bringing musicianship and a good sense of humor to the scene. And while
- Death Cab for Cutie
With the introduction of Plans, Death Cab for Cutie became a new addition to many user's Artist list after the single "Soul Meets Body" became a hit on iTunes. Offering a fresh alternativ
Music Has The Right To Children
- Boards of Canada
- This one will haunt you. From the first notes to the last, their sound surrounds you. BOC has put out a fantastic catalogue, and this album is a great starting point for a new listener. Jump straight
- The Strokes
The Strokes set the music world on fire with this 2001 album, with headlines declaring that the New York band was here to save Rock and Roll. While the band hasn't made as much of a splash since t
Reader Specials
Visit Deals On The Web for the best deals on all consumer electronics, iPods, and more!
News
Safari Exploit Allows Hacker to Call 1-900 Numbers
Wednesday, November 19th, 2008 at 3:00 PM - by Bryan Chaffin
An exploit has been discovered in the Safari Web browser on iPhone that could allow a maliciously-crafted Web page take control of your iPhone and force it to dial any phone number, for instance a nice, expensive 1-900 number that could cost the user dearly.
The exploit was discovered by the Institute for Fraunhofer for Safe Information Technology (SIT) in Germany last month. According to the SIT, they immediately informed Apple, and a fix will be released on November 21st, 2008. Apple’s usual corporate policy is to not announce or discuss vulnerabilities until they release a patch.
The exploit involves tricking an iPhone user into clicking on a link, say in piece of e-mail, an SMS text message, or even from another Web page. That link would take the user to a Web page with as few as three lines of code that trigger the exploit. The iPhone’s screen then blanks out, a dialog that can’t be interacted with shows that the phone is dialing, and the deed is done.
SIT has posted a video demonstration of the exploit that merely dials another cell phone sitting next to the iPhone. Any number could be dialed, but a 1-900 number would be a likely choice for hackers, as it would allow them collect money merely by having received the call at their 1-900 "service."
SIT’s announcement was first reported by German magazine Der Spiegel, and pointed out to us by Matthis Drolet (thanks for the head sup, Matthis!) SIT released the following images demonstrating the process:
The bad guy sends an e-mail or SMS text message with a URL
The iPhone switches over to Safari, and shows (in this case) what looks like a blank page
Surprise! Your iPhone is dialing a number!
Now your iPhone appears to be locked up while the call goes through...
Recent Headlines
- Namco Unveils UniteSDK For Cross-Platform Online Gaming
- The iPad’s On-Again, Off-Again Camera
- iPhone Sees 97.9% Year-Over-Year Jump in Shipments
- iPhone Maintains Number Two Spot in US Smartphone Market
- iPhone OS 4.0 Expected to Finally Introduce True Multi-tasking
- Apple iPad Pre-orders Kick Off on March 12
- Apple, RIM, Others Hit With Cell Phone Patent Suit
Post Your Comments