There has been a new bug discovered in iOS which allows hackers to make iPhones make phone calls. But is really a new bug?
Collin Mulliner is a security researcher. Collin Mulliner is a security researcher that stumbled across an iOS bug. This iOS bug allows hackers to force user’s iPhone’s to make telephone calls.
The bug exists in iOS’s WebView. WebView is utilized by apps to display web content within the apps. However, as Mulliner discovered, it’s all too easy to dupe WebView in to making phone calls. This is done simply by sending a user a link through any messaging app utilizing WebView. Unfortunately, this is most messaging apps. Mulliner was very easily able to get this to work with the iOS Twitter app and LinkedIn app. You can watch how it works in these apps below.
Mulliner was a good guy and decided to turn in the bug. Unfortunately, the developers just didn’t seem to care, and his cases were closed, with no fix.
But it’s not just these app developers that don’t seem to care. While the bug Mulliner found was new to him, he had previously discovered a different bug that had the same effect. He discovered this bug in 2008. After finding this new bug, Mulliner decided to go back and look at his old bug. Surprisingly, the bug that was reported back in November 2008, still works! A full 8 years after discovery, a bug which placed the first generation iPhone running iOS 2.1, still affects the iPhone 7 on iOS 10.
While this may not seem as big a threat as a vulnerability which steals user’s information, it is still frightening. Just imagine, a bug so easily exploited, and easily hidden from the user, that can be repeatedly sent out to dial 900 numbers? How much money could user’s be charged, not knowing how or why?
How many times has this attack been used against iPhone users in the last 5 years?
Very frightening indeed.