

Facebook is pushing out an important update to its Messenger app, fixing a flaw that allowed potentially expensive phone calls to be made without user consent, says Tech Radar.

The security gap was first discovered last week by developer Andrei Neculaesei. Neculaesei found that Apple’s iOS has a hole that allows developers to create a URL that automatically dials a phone number when the link is clicked. If that link is clicked inside a mobile web browser, a message will pop up asking if you want to proceed to make the call. However, “when a user opens a URL with the tel scheme in a native app, iOS does not display an alert and initiates dialing without further prompting the user,” writes Apple in its developer reference guide.

What’s more, Neculaesei says hackers can create self-clicking telephone links (or “tel links”) in JavaScript, so your phone automatically calls the number embedded in a link without you ever clicking on it. If the URL is connected to a premium phone number, you’ll get charged as soon as the person at the other end of the line picks up.

So far, Facebook is the only company to respond to the threat, though the update hasn’t hit the App Store yet. The company told Tech Radar it would be releasing an update in the next few days. Google Plus, Gmail, and any other app that doesn’t have a custom framework for tel links are also susceptible to this kind of attack.
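For app developers, the custom handling mentioned above amounts to intercepting `tel:` navigations in the in-app web view and asking before dialing. The Swift sketch below is an added example, not code from Facebook, Apple or Neculaesei; the class name and `presenter` property are hypothetical, it uses the current WKWebView delegate API, and it goes slightly beyond the article by treating FaceTime URLs the same way.

```swift
import UIKit
import WebKit

/// Hypothetical navigation delegate for an app's embedded web view.
final class GuardedNavigationDelegate: NSObject, WKNavigationDelegate {
    // URL schemes that start a call instead of loading a page.
    // "tel" is the one the article covers; the FaceTime entries are an added assumption.
    private let callSchemes: Set<String> = ["tel", "facetime", "facetime-audio"]

    /// View controller used to show the confirmation alert (assumed to be set by the app).
    weak var presenter: UIViewController?

    func webView(_ webView: WKWebView,
                 decidePolicyFor navigationAction: WKNavigationAction,
                 decisionHandler: @escaping (WKNavigationActionPolicy) -> Void) {
        guard let url = navigationAction.request.url,
              let scheme = url.scheme?.lowercased(),
              callSchemes.contains(scheme) else {
            decisionHandler(.allow)   // ordinary page navigation
            return
        }

        // The web view itself never follows a call URL.
        decisionHandler(.cancel)

        // First filter: ignore navigations that were not reported as a link tap
        // (redirects, page loads, form submissions). A script-generated click may
        // still be reported as a tap, so the prompt below is the real control.
        guard navigationAction.navigationType == .linkActivated else { return }

        // Show the exact target and dial only after explicit confirmation.
        let target = String(url.absoluteString.dropFirst(scheme.count + 1))
        let alert = UIAlertController(title: "Call \(target)?",
                                      message: nil,
                                      preferredStyle: .alert)
        alert.addAction(UIAlertAction(title: "Cancel", style: .cancel))
        alert.addAction(UIAlertAction(title: "Call", style: .default) { _ in
            UIApplication.shared.open(url)
        })
        presenter?.present(alert, animated: true)
    }
}
```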

To date, Apple hasn’t commented on the security flaw.
