Slashdot Mirror

← Back to Stories (view on slashdot.org)

Malicious Websites Can Initiate Skype Calls On iOS

Posted by Soulskill on from the buck-passing dept.

An anonymous reader writes "In this article, security researcher Nitesh Dhanjani shows how iOS insecurely launches third-party apps via registered URL handlers. Malicious websites can abuse this to launch arbitrary applications, such as getting the Skype.app to make arbitrary phone calls without asking the user. Dhanjani 'contacted Apple's security team to discuss this behavior, and their stance is that the onus is on the third-party applications (such as Skype in this case) to ask the user for authorization before performing the transaction.' He also discusses what developers of iOS apps can do to design their software securely and what Apple can do to help out."

1 of 177 comments (clear)

  1. 3rd Party Responsibility? by WrongSizeGlass · · Score: 5, Interesting

    [disclaimer: Mac & iPhone user]

    The responsibility is on 3rd party app developers? Hogwash! If Apple wants full control of the app development & distribution process then they get the full responsibility for the security too. Yes, 3rd party apps need to be smart and act in the best interest of the user but Apple's stranglehold of the environment puts this squarely on their shoulders. Fix it Apple, plain and simple.