Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

iOS Chrome Browser Opens Doors To Call Affiliate Hackers

published on 2014-10-07 17:42:00 UTC by Trojan7Malware
Content:
First blog post in a long time, so firstly I apologise for that.


I was looking for a companies contact number to report a bug to them using my phone which is when I discovered this extremely weird bug.

So for my testing I have only tried on an Iphone 5 running iOS 8.0.2 only the current Chrome browser version.


Exploit Landscape:
Chrome includes a feature called "Click-To-Call". I made my call using this feature (yes, opsec fail i know) and you get a message prompt confirming if you wish to make the call or cancel it.

Exploit Technique:
Simply pressing cancel instead of confirm pushes the call through anyway, leaving the user unable to decline a call, at least for a few seconds.

How can this be abused?
A malicious attacker could exploit this by embedding the Click-To-Call code in a malicious web page that then leaves the user with a call they can not decline. Blackhats can profit from this by entering a premium call affiliate and sending their malicious website to unsuspecting users.
Article: iOS Chrome Browser Opens Doors To Call Affiliate Hackers - published about 10 years ago.

http://trojan7malware.blogspot.com/2014/10/ios-chrome-browser-opens-doors-to-call.html   
Published: 2014 10 07 17:42:00
Received: 2021 06 06 09:05:03
Feed: Trojan7Malware
Source: Trojan7Malware
Category: Cyber Security
Topic: Cyber Security
Views: 1

Custom HTML Block

Click to Open Code Editor