Flaw Found in iPhone Web Dialer
As the days go by, security experts are digging deeper and deeper into the iPhone to find its pros and cons.
Security researchers with Web application testing specialists SPI Dynamics are drawing attention to a feature on Apple’s hot new iPhone that they say could be subverted by hackers to attack users of the device and potentially monitor their phone calls.
In a blog post published on the security company’s Web site on July 16, SPI security researcher Billy Hoffman proposes that a feature in the device’s Safari browser that allows iPhone users to dial any phone number displayed on the browser by touching the digits on-screen could soon be subverted by hackers.
If capable of luring iPhone users to malware sites or legitimate sites infected with cross-site scripting attacks, Hoffman said, attackers could infect the devices with spyware that could allow them to track calls, redirect calls placed by a user, place unauthorized calls from the browser, program the device to make repeated calls for an infinite amount of time, or prevent the phones from calling at all.
SPI Labs is warning iPhone owners not to use the device’s Web dialer, intended to give folks an easy way to call numbers listed on Web pages. SPI says miscreants could use a bug in the feature to redirect calls to 900 numbers or monitor calls placed.
Because this vulnerability can be launched from Web sites, everybody who has an iPhone has the potential to get exploited.
July 17th, 2007 at 7:06 am