Apple managed to create major fuzz about their iPhone, which is again a neatly designed but technically less than impressive device by the fruit company. Apparently they have left in a severe security issue while working on the web browsing features of the phone. The Safari web browser of the iPhone has the ability to utilize device telephony features, but the trick is that it could be exploited to force the device to make calls to expensive service numbers, potentially causing plenty of expenses to the users.

Lead researcher with SPI Labs, Billy Hoffman, explained that hackers could exploit a bug in this feature, and trick victims into making phone calls to expensive ‘900′ numbers. Else, hackers could misuse the feature to keep tabs on phone calls made by victims over the Web. Hoffman said in this way, either the iPhone could be stopped from dialing out altogether or made to dial endlessly.

The way the attack works, according to Hoffman, is when hackers either trick iPhone users into visiting a malicious Web site or get a trusted Web site to send dicey information to iPhones using what’s called a cross-scripting attack.

Hoffman warned that every time content getting sent to the iPhone is controlled, the possibility of an attack exists. And that as the vulnerability can be launched primarily from Web sites, anyone with an iPhone is at risk of getting exploited.

SPI Labs said it has contacted Apple, and that the duo are working towards some sort of a solution for this problem.

Source: Techtree