iPhone/Safari dialer could pose security risks

Another day, another security concern regarding the iPhone. It almost seems that iPhone hype has given way to an iPhone security backlash, with news outlets competing to see who can be the first to break the news of a theoretical flaw in the phone's OS. However, the latest such vulnerability could really have some teeth: security researchers at SPI Labs are reporting that the iPhone's ability to call direct from a web link could be easily exploited by a malicious programmer. "For example, an attacker could determine that a specific website visitor 'Bob' has called an embarrassing number such as an escort service. An attacker can also trick or force Bob into dialing any other telephone number without his consent such a 900-number owned by the attacker or an international number. Finally, an attacker can lock Bob's phone forcing Bob to either make the call or hard-reset his phone resulting in possible data loss," SPI Labs reported. While no such exploits have been seen in the wild, this is probably yet another reason why the first generation iPhone isn't quite enterprise-worthy.

For more on the theoretical flaw:
- see this ZDnet report

Related Article:
Duke University suspects iPhones behind WLAN issues