Welcome to our
Cyber Security News Aggregator
.Cyber Tzar
provide acyber security risk management
platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.
First slide label
Some representative placeholder content for the first slide.
Second slide label
Some representative placeholder content for the second slide.
Third slide label
Some representative placeholder content for the third slide.
iOS Chrome Browser Opens Doors To Call Affiliate Hackers
published on 2014-10-07 17:42:00 UTC by Trojan7MalwareContent:
First blog post in a long time, so firstly I apologise for that.
I was looking for a companies contact number to report a bug to them using my phone which is when I discovered this extremely weird bug.
So for my testing I have only tried on an Iphone 5 running iOS 8.0.2 only the current Chrome browser version.
Exploit Landscape:
Chrome includes a feature called "Click-To-Call". I made my call using this feature (yes, opsec fail i know) and you get a message prompt confirming if you wish to make the call or cancel it.
Exploit Technique:
Simply pressing cancel instead of confirm pushes the call through anyway, leaving the user unable to decline a call, at least for a few seconds.
How can this be abused?
A malicious attacker could exploit this by embedding the Click-To-Call code in a malicious web page that then leaves the user with a call they can not decline. Blackhats can profit from this by entering a premium call affiliate and sending their malicious website to unsuspecting users.
I was looking for a companies contact number to report a bug to them using my phone which is when I discovered this extremely weird bug.
So for my testing I have only tried on an Iphone 5 running iOS 8.0.2 only the current Chrome browser version.
Exploit Landscape:
Chrome includes a feature called "Click-To-Call". I made my call using this feature (yes, opsec fail i know) and you get a message prompt confirming if you wish to make the call or cancel it.
Exploit Technique:
Simply pressing cancel instead of confirm pushes the call through anyway, leaving the user unable to decline a call, at least for a few seconds.
How can this be abused?
A malicious attacker could exploit this by embedding the Click-To-Call code in a malicious web page that then leaves the user with a call they can not decline. Blackhats can profit from this by entering a premium call affiliate and sending their malicious website to unsuspecting users.
http://trojan7malware.blogspot.com/2014/10/ios-chrome-browser-opens-doors-to-call.html
Published: 2014 10 07 17:42:00
Received: 2023 03 31 23:02:32
Feed: Trojan7Malware
Source: Trojan7Malware
Category: Cyber Security
Topic: Cyber Security
Views: 0
