Apparently the way iOS 4 handles URLs could lead to possible problems if exploited. According to an article written about iOS security, there is a concern about how it handles URLs. Basically, there is a flaw that allows malicious websites to make calls from Skype without any permission granted. iOS 4 allows apps to run commands from Safari using URLs, and because of this, websites can also make apps do things. The writer wrote a simple code that made Skype call out from his phone just by visiting a website. Granted, users can see the call being made and cancel it, but if they weren’t paying any attention or they left their phone alone while they waited for a page to load, an expensive call could be made, wasting the user’s Skype credit and even disclose the user’s identity from the Skype ID. Besides Skype, other apps that store sensitive information could possibly be targeted to disclose information. Now the debate is up in the air- is it the fault of Apple for enabling such a function on their OS, or should it be developer’s fault for not taking additional security measures to prevent it from happening? Either way, be careful when surfing dodgy websites- nowadays, not even phones are safe from malicious websites.
