Gives a new meaning to...
There's an app for that.
Apple's iOS is vulnerable to web-based attacks that force third-party apps to make phone calls and carry out other sensitive operations without first warning the user, a security researcher has warned. Researcher Nitesh Dhanjani shows here how the planting of a simple iframe on a webpage can force the Safari browser to open …
So long as we can have equivalent no Android, Symbian, Crackberry, (insert other random tech) weeks.
Whether people like it or not, the iPhone/Pad/Pod is a technical device and this is a technical matter being raised on a tech website.
You don't have to read an article if you don't want to - there are one or two other articles around here, otherwise, you could always go to www.disney.com.
"Apple's security team told him the onus is on third-party app developers to make their programs ask for permission before carrying out such actions"
You sold/passed the app through the wonderful Jobsian application filter that is supposed to weed out crud like this.
You passed it on, you carry the can Jobs!
Increasingly people must question Apple's poor code verification as well as what they laughingly call "quality control".
Some of the faults should have been caught before Lemon 4 hit the stores. The pressure to deliver must have been great but as Ford proudly boasts: "Quality is Job 1".
Jobs' attitude that he and Apple are better than anyone (sic) invites criticism. If Jobs spent less time sticking his prowess in the face of others, he might garner some sympathy.
He can spend untold hours fruitlessly (no pun intended) locking up his little toy but what's the point if it's so dysfunctional? The 'free calling' when locked and remote web site calling are major flaws that should have been caught months ago.
Even iPhans' patience has limits, it's reaching the point of abuse now.
"As long as Skype is installed and it stores the victim's account password, the attack will work with no warning, he wrote."
Absolutely no warning, apart from you know - the Web page you are browsing disappearing and Skype launching instead and dialling a number.
The article makes it sound as if the dialling would happen sneakily in the background. I reckon having an application that you installed launch right in your face and stop your browsing session might be a bit of a clue.
iPhans/fanbois are different from Android people as they are obviously very happy for Jobs to make decisions for them and how they can use the new tethered (to Jobs) toys.
Android folk, as well as others, are more independent and, seemingly, more technical. They are used to making decisions.
If Apple offers App control panels to select services by users, this will be a sharp turn in the road - iPhans are simply not prepared for this operating change, it is a significant Apple psychological change that they may not be prepared to handle without careful thought being given to this sea-change.
This is an app URL. An App url will load the application which registers to handle the URL. For instance if you click on a web url in an email, the OS passes that specific URL to the app which handles a standard web URL - your default browser.
All OSes do this. Phone or not.
If you click an email URL in any text field the OS passes this to the email app.
Click on a location and the OS handles it by sending it to Maps, or whatever app registered to handle locations.
Click on a Skype URL (which would have skype somewhere in its namespace) then Skype gets the URL and handles it by calling the number. Which:
a) has nothing to do with the OS which passes on the url to the app registering for it. The rest of the URL is just a number.
b) Is a feature, not a bug. It is as expected. Click on a number and the OS will try and call it. You can possibly stop the call if your IQ was above 75.
Which excludes the first 16 commentators. This is not a security violation, all OSes do it, and the tin foil comicbookguy shut ins who hate everything Apple are not as smart as they think they are. I own smarter dogs.
Presumably you missed the bit about using an iFrame to automatically make the call, not requiring the user to click on anything. Perhaps your dogs could teach you to read thoroughly?
Certainly it's easy enough to cancel an unwanted call, but the point is that it should not be possible to initiate a call unbidden in the first place.
I'd have thought the fact that Safari disappears and Skype appears in its place telling you it's currently dialling a number would probably be a pretty big clue.
Plus, hey ho boys and girls, that's not a bug, it's a feature. URL handling is working as designed, and much as you little bitches love to bash Apple, it IS the responsibility of the application to sanitise input and decide what to do with it. Always.
Another day, another example of a self-aggrandising 'security researcher' misunderstanding practically everything except how to get his name in the news, and the same tired, ignorant reaction from the commentards.
Same old, same old.
Remember the old Modem Redialer Attacks?
Make some money, make them call through some south sea island for fun and profit!
Call 900 numbers with exorbitant fees, or just plain cause embarrassment with all those Goat Lust calls...
The iPhone Eloi can tell you, "There's an app for that..."
What is the problem here actually? If anything it should be the Skype app handling the dialogue before just doing what another application tells it to do.
What's next week from this 'security analyst' that you can connect to an ftp site? Or perhaps use nfs or afp or whatever URL link.
Sometimes a little bit of knowledge can make you look like a fool.
"You have clicked a link. Links may lead to different websites and/or services, which may be harmful. Do you want to proceed?"
"You clicked on 'Yes'. Clicking on affirmative buttons could cause an action you have requested to be actually executed. Are you sure you want to proceed?"
Splendid idea. Put this into iOS, then every Vista user will feel right at home.
Where do you want to go today?