Unauthorized Launch: How Malicious URLs Can Trick iPhone Apps

Over on the SANS Application Security Street Fighter Blog, security researcher and guest poster Nitesh Dhanjani has an eye-opening article on how Apple's URL Schemes can pose a grave danger to iPhone owners, in that they can seize control of the phone's external apps in unexpected ways.  F'rinstance: a URL with a "tel:" scheme is generally a phone number to call.  Click on this link in iOS Safari, and it's smart enough to confirm with you that you really want to call that number BEFORE it launches the Phone app.  But suppose you have Skype installed, and Skype has cached your user credentials so you don't have to log in every time?  Click on the same link, and not only is Skype launched, it'll dial the number without any warnings.  And if the phone URL's on a malicious site, God only knows what'll happen once that call connects…

To make matters worse, Dhanjani brought the issue to Apple's attention — only to be told "Hey, it's the third-party app's fault it didn't double-check for authorization."  Not a great answer, needless to say.
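The "double-check for authorization" Apple is pointing at looks roughly like this. It is an added example, not code from Dhanjani's post or from Skype: a hypothetical VoIP app that registers the made-up scheme `examplevoip` and is opened with URLs such as `examplevoip://call?number=%2B15551234567`. The URL is treated as untrusted input, so the app validates it and asks the user before dialing, even when credentials are cached.

```swift
import UIKit

// Stand-in for the app's dialer (assumed); real code hands off to the VoIP stack.
func placeCall(_ number: String) {
    print("dialing \(number)")
}

// Minimal sanity check on the dialed string: optional leading "+", then digits
// only. Anything stranger is rejected rather than passed to the dialer.
func isPlausiblePhoneNumber(_ s: String) -> Bool {
    let body = s.hasPrefix("+") ? String(s.dropFirst()) : s
    return !body.isEmpty && body.count <= 15 && body.allSatisfy { $0.isNumber }
}

class AppDelegate: UIResponder, UIApplicationDelegate {
    var window: UIWindow?

    // Called by iOS whenever Safari or another app opens one of our URLs.
    func application(_ app: UIApplication, open url: URL,
                     options: [UIApplication.OpenURLOptionsKey: Any] = [:]) -> Bool {
        // Only handle the scheme and "host" this app actually registered.
        guard url.scheme?.lowercased() == "examplevoip", url.host == "call",
              let items = URLComponents(url: url, resolvingAgainstBaseURL: false)?.queryItems,
              let number = items.first(where: { $0.name == "number" })?.value,
              isPlausiblePhoneNumber(number) else {
            return false   // malformed or unexpected URL: ignore it entirely
        }

        // The calling app's bundle id is useful context for the prompt, but it
        // is only a hint for the user, never an authorization signal.
        let source = options[.sourceApplication] as? String ?? "another app"

        // The behaviour described in the post would be `placeCall(number)` right
        // here. Hardened behaviour: show the number and require an explicit tap.
        let alert = UIAlertController(
            title: "Call \(number)?",
            message: "\(source) asked this app to place a call. Continue only if you expected this.",
            preferredStyle: .alert)
        alert.addAction(UIAlertAction(title: "Cancel", style: .cancel))
        alert.addAction(UIAlertAction(title: "Call", style: .default) { _ in
            placeCall(number)
        })
        window?.rootViewController?.present(alert, animated: true)
        return true
    }
}
```

Returning `false` for anything that fails validation also tells iOS the URL was not handled, so a malformed link produces no visible action at all.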

(If you're not humming Garbage's "I Think I'm Paranoid" right about now, check out our article "5 of the Most Notable iOS Security Holes We've Seen."  And be afraid.  Be VERY afraid…)