iPhone’s web dialing feature — that is, the ability to tap a phone number from within the Safari browser in order to call it — poses a potential security problem, warned research firm SPI Labs.
In a blog post from the SPI Laboratory, one researcher said iPhone’s web dialing feature could “be exploited by attackers to perform various attacks,” including:
- Redirecting phone calls placed by the user to different phone numbers of the attacker’s choosing
- Tracking phone calls placed by the user
- Manipulating the phone to place a call without the user accepting the confirmation dialog
- Placing the phone into an infinite loop of attempting calls, through which the only escape is to turn off the phone
- Preventing the phone from dialing
I personally love the web dialing feature. SPI Labs said it is working with Apple to resolve the issue.
Commenters on the SPI blog pointed out that other smartphones have a similar web dialing feature, which is seldom exploited. SPI responded by saying that it had only tested the iPhone.