Beware of Web Dialing via iPhone’s Safari Browser

iPhone’s web dialing feature — that is, the ability to tap a phone number from within the Safari browser in order to call it — poses a potential security problem, warned research firm SPI Labs.

In a blog post from the SPI Laboratory, one researcher said iPhone’s web dialing feature could “be exploited by attackers to perform various attacks,” including:

  • Redirecting phone calls placed by the user to different phone numbers of the attacker’s choosing
  • Tracking phone calls placed by the user
  • Manipulating the phone to place a call without the user accepting the confirmation dialog
  • Placing the phone into an infinite loop of attempting calls, through which the only escape is to turn off the phone
  • Preventing the phone from dialing

I personally love the web dialing feature. SPI Labs said it is working with Apple to resolve the issue.

Commenters on the SPI blog pointed out that other smartphones have a similar web dialing feature, which is seldom exploited. SPI responded by saying that it had only tested the iPhone.

Leave a Comment