Security flaw in leading mobile apps can trigger expensive calls

A Danish developer claims to have found an exploitable security flaw in leading mobile apps that hackers could use to make expensive phone calls from a victim's smartphone. The developer, Andrei Neculaesei, who works for Airtame, a company based in Copenhagen, says he has exposed the flaw in popular apps such as Google+ and Facebook's Messenger. According to him, hackers can craft web links that use the loophole to prompt the application to place a call with just a click in the app, which could result in expensive calls. The attack takes advantage of the Uniform Resource Identifier (URI) scheme, which smartphones use to display phone numbers as links.

Neculaesei has published a demonstration of how this can be done on his blog. He said most apps can be configured to display a warning when an attempt to make a call is made, but the majority of apps have this option turned off. He added that he tested only a few big-name apps, and that it can be assumed that smaller names and platforms have not thought of this at all. According to MacWorld, Facebook has taken steps to plug the loophole. Previous research has also pointed to security flaws within the URI scheme. Incidentally, Facebook Messenger recently reached the 500 million downloads mark.
