Support Our Site
Get Better Gear!
- Kensington Windshield/Vent Car Mount with Sound Amplified Cradle for iPhone from Kensington, $39.99
- SigFx Energy iPhone Case Contains Smart Battery from SigFx Energy, US$69.95
- NAVIGON AG - True GPS Software for the iPhone from NAVIGON Inc., 89.99
- Tweetie 2 from atebits, $2.99
- Snood: Flawed Casual Play from Electronic Arts, US$3.99
Premier Sponsors
Top 5 Free Apps
iTunes New Music Releases
Top 5 Paid Apps
Discover New Music
Bowie at Beeb: Best of BBC Radio 68-72
- David Bowie
The companion CD to a BBC television concert, BBC Radio Theatre has some of the best renditions of many of Bowie's best songs throughout his career. "I'm Afraid of Americans" is substantial
- Brian Eno
- In his first proper solo release since 1996's relatively cold "The Drop," Brian Eno has constructed a whimsical and ecclectic masterpiece which is arguably one of the year's strongest records thus fa
- The Stooges
Another pillar of my musical foundations, The Stooges' first album is one those records whose influence far outweighed its popularity. Like The Velvet Underground & Nico, hordes of people wh
- Bauhaus
Go Away White is an album I've been waiting more than 20 years to hear, and the good news is that it was worth the wait. The latest -- and last, no...for real this time -- album from
- Jellyfish
- The second and final album from this power-pop group makes me wish Jellyfish had been able to make just one more record together. The album is best enjoyed as a whole piece, flowing from one track to
Reader Specials
Visit Deals On The Web for the best deals on all consumer electronics, iPods, and more!
News
Safari Exploit Allows Hacker to Call 1-900 Numbers
Wednesday, November 19th, 2008 at 3:00 PM - by Bryan Chaffin
An exploit has been discovered in the Safari Web browser on iPhone that could allow a maliciously-crafted Web page take control of your iPhone and force it to dial any phone number, for instance a nice, expensive 1-900 number that could cost the user dearly.
The exploit was discovered by the Institute for Fraunhofer for Safe Information Technology (SIT) in Germany last month. According to the SIT, they immediately informed Apple, and a fix will be released on November 21st, 2008. Apple’s usual corporate policy is to not announce or discuss vulnerabilities until they release a patch.
The exploit involves tricking an iPhone user into clicking on a link, say in piece of e-mail, an SMS text message, or even from another Web page. That link would take the user to a Web page with as few as three lines of code that trigger the exploit. The iPhone’s screen then blanks out, a dialog that can’t be interacted with shows that the phone is dialing, and the deed is done.
SIT has posted a video demonstration of the exploit that merely dials another cell phone sitting next to the iPhone. Any number could be dialed, but a 1-900 number would be a likely choice for hackers, as it would allow them collect money merely by having received the call at their 1-900 "service."
SIT’s announcement was first reported by German magazine Der Spiegel, and pointed out to us by Matthis Drolet (thanks for the head sup, Matthis!) SIT released the following images demonstrating the process:
The bad guy sends an e-mail or SMS text message with a URL
The iPhone switches over to Safari, and shows (in this case) what looks like a blank page
Surprise! Your iPhone is dialing a number!
Now your iPhone appears to be locked up while the call goes through...
Recent Headlines
- Apple TV 3.0.1 Update Fixes Missing Content Bug
- Taiwan Leak Shows Verizon UTMS/CDMA iPhone for Q3 2010
- iPhone Moves Into RadioShack
- Dictionary, Dictionary, Dictionary, And More
- The Latest App Store Games: Gravity Sling, RocketBird, Ground Effect, Checkers!
- iPhone Game Developer Sued for Collecting User’s Cell Numbers
- Apple May Be Bringing RFID to the iPhone
Post Your Comments