Slashdot Mirror


Malicious Websites Can Initiate Skype Calls On iOS

An anonymous reader writes "In this article, security researcher Nitesh Dhanjani shows how iOS insecurely launches third-party apps via registered URL handlers. Malicious websites can abuse this to launch arbitrary applications, such as getting the Skype.app to make arbitrary phone calls without asking the user. Dhanjani 'contacted Apple's security team to discuss this behavior, and their stance is that the onus is on the third-party applications (such as Skype in this case) to ask the user for authorization before performing the transaction.' He also discusses what developers of iOS apps can do to design their software securely and what Apple can do to help out."
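The app-side mitigation the summary describes, as an added example that is not from the article, Skype or Apple: a URL delivered through a registered handler is treated as untrusted input, and any action with a side effect is held until the user explicitly confirms it. The `exampleapp://` scheme, its `call` and `profile` actions and the sample URLs are hypothetical and constructed for illustration.

```swift
import Foundation

// Hypothetical scheme for this example (constructed, not Skype's real format):
//   exampleapp://call?number=15550100     exampleapp://profile

enum URLDecision {
    case reject(String)                   // malformed or unsupported: do nothing
    case performNow(String)               // navigation only, no side effect
    case confirmThenCall(number: String)  // side effect: needs explicit consent
}

/// Decide what to do with a URL handed to the app by the OS.
/// Any web page can trigger this without a user gesture, so nothing
/// in the URL is trusted and nothing costly happens automatically.
func decide(for url: URL) -> URLDecision {
    guard url.scheme?.lowercased() == "exampleapp",
          let parts = URLComponents(url: url, resolvingAgainstBaseURL: false),
          let action = parts.host?.lowercased() else {
        return .reject("unsupported URL")
    }
    switch action {
    case "profile":
        return .performNow("show profile screen")
    case "call":
        let number = parts.queryItems?.first(where: { $0.name == "number" })?.value ?? ""
        // Strict allow-list: optional leading "+", then 3 to 15 ASCII digits.
        let digits = number.hasPrefix("+") ? String(number.dropFirst()) : number
        guard (3...15).contains(digits.count),
              digits.allSatisfy({ $0.isASCII && $0.isNumber }) else {
            return .reject("invalid number")
        }
        // Never dial here: hand the validated number to a confirmation prompt.
        return .confirmThenCall(number: number)
    default:
        return .reject("unknown action")
    }
}

// Constructed sample inputs, as a page could place them in a link or iframe.
let samples = ["exampleapp://call?number=15550100",
               "exampleapp://call?number=1555;0100",
               "exampleapp://profile",
               "otherapp://call?number=15550100"]
for text in samples {
    if let url = URL(string: text) { print(text, "->", decide(for: url)) }
}
```

In an iOS app, `decide(for:)` would be called from the app delegate's `application(_:open:options:)`, and the `.confirmThenCall` case would present an alert showing the number and place the call only after the user taps to confirm.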

12 of 177 comments

  1. GOOD! by Anonymous Coward · Score: -1, Troll

    Stupid Macfags. Fuck Apple products with a rubber dick. Then break it off when it's far up their faggot asses. Niggers.

  2. Re:Once again proving... by MichaelKristopeit162 · Score: -1, Troll

    did apple install skype on the user's device? did apple register the URL handler?

  3. Re:3rd Party Responsibility? by MichaelKristopeit122 · Score: 0, Troll

    i don't understand... if it's so clearly a problem with the app, then how come every post claiming this is a security flaw on apple's part is moderated +5 insightful?

    oh, right...

    slashdot = stagnated

  4. Re:Apple should handle but it's Skype's fault by MichaelKristopeit123 · Score: 0, Troll

    i don't understand... if he doesn't know what he's talking about, then why is he moderated +5 insightful?

    oh right...

    slashdot = stagnated

  5. Re:Once again proving... by MichaelKristopeit119 · Score: -1, Troll

    i'm confused... so do you believe the user should or should not be allowed to install 3rd party software that does what they ask of it?

    or would you rather have a dialog pop up every time you open a mailto: link?

    Hint: you're a retard

    why do you cower? what are you afraid of?

    you're completely pathetic.

  6. Re:Once again proving... by MichaelKristopeit172 · Score: 0, Troll

    I would rather have a pathetic:MichaelKristopeit link always reply "Yes, pathetic".

  7. Re:Once again proving... by MichaelKristopeit118 · Score: -1, Troll

    "MichaelKristopeit172" is operated by an individual attempting to steal my identity.

    to the cowardly individual responsible: present yourself to me, admit what you've done; and i'll bring upon you the ultimate punishment for your transgressions.

    you're COMPLETELY pathetic.

  8. Re:Once again proving... by MichaelKristopeit172 · Score: 0, Troll

    "MichaelKristopeit118" is operated by an individual attempting to steal the identity of "MichaelKristopeit162".

    you're pathetically predictable.

  9. Re:Once again proving... by MichaelKristopeit119 · Score: -1, Troll

    "MichaelKristopeit172" is operated by an individual attempting to steal my identity.

    to the cowardly individual responsible: present yourself to me, admit what you've done; and i'll bring upon you the ultimate punishment for your transgressions.

    you're COMPLETELY pathetic.

  10. Re:3rd Party Responsibility? by BasilBrush · Score: 0, Troll

    Then, in the next iOS update (or the one after, if the next update is scheduled to be too soon) there will suddenly be a prompt for launching applications via registered URL handlers, possibly with some hype about how Apple is looking out for you, but not necessarily.

    No they won't. Confirmation dialogs as a matter of course is the Windows Vista way. It's not the Apple way. They may at some time provide a facility for app developers to opt to have a confirmation dialog before leaving Safari, for operations which have security implications.

    Meanwhile, the Apple answer is absolutely correct. The onus is on App developers to decide on the security implications of acting on any URL types they define. And to decide for themselves what user interaction should be required.

  11. Re:Once again proving... by MichaelKristopeit162 · Score: -1, Troll

    your identity is obviously worth so much to you that you've cowered away from it and chosen to hide in the shadows.

    what does a corporation have to do with identity theft? you're an idiot.

    considering the 172 impostor was already moderated down below 0, you're an even bigger idiot.

    considering the moderation system is manipulated by organized cartels attempting to marketeer and spin lies, even talking about "karma" is ridiculously pointless.

    you're completely pathetic.

  12. Re:Apple should handle but it's Skype's fault by MichaelKristopeit161 · Score: -1, Troll

    if my identity was meaningless, then why did you reference it?

    you're an idiot.

    ur mum's face should kill yourself.

    why do you cower? what are you afraid of?

    not willing to continue your charade anymore?

    YOU'RE completely pathetic.