By Darren Pauli, 2 Sep 2014
iThing Users can be identified, images of their faces captured and their phones forced to call numbers – all thanks to coding schemes affecting Facebook, Google, and Twitter, among other sites and services, security researchers say.
Attackers and pranksters can force iOS coding schemes to send an SMS or an instant message through Facebook, Google Plus or GMail which, when opened, made the victims phone place a call without first triggering a prompt confirming the action.
The flaw can also be used to unmask anonymous Twitter users by baiting them to open links which would in turn force their devices to place phone calls.
FaceTime calls can also be placed, allowing an attacker to potentially capture a still image of a victims' face.
These attacks can be crafted to trigger the action without any interaction from the victim, save for the visiting the page.
The Register/ full article here/ http://www.theregister.co.uk/2014/09/02/crap_ios_schema_can_reveal_anonymous_social_media_users/
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.