Spoof Your Caller ID With an iPhone Web App
For those of you that think every iPhone application must be approved by Apple's App Store guardians… think again.
Here's an application called SpoofCard:
SpoofCard allows smartphone users to spoof their caller ID. This is not exactly new. There was a bit of press coverage one year ago.
But what's now interesting to us is the variety of supported platforms: Android, BlackBerry, Palm, Windows Mobile and… iPhone.
Only, you won't find SpoofCard anywhere on Apple's website.
It's a Web App. All you need to do to "install" it is to visit ispoofcard.com with your iPhone's Safari browser.
SpoofCard's site will prompt you to save an icon to your iPhone's desktop.
At which point, for most, it appears to be just another installed application.
The iSpoofCard Web App calls a service which then facilities the actual spoofing, and the App does prompt for the user's permission before it calls. It's well behaved in that sense.
But we're curious, could social engineering be used to dupe people into giving permissions to an overtly malicious Web App? Can Web Apps access the iPhone contacts if given permission? Can Web Apps send SMS messages? Web Apps can make phone calls… how much social engineering do you think is required to get somebody to make a premium rate call?
But then… Web Apps aren't anywhere as popular as App Store applications. Even if Web Apps can be abused, they aren't likely to be, because iPhone users don't really use them.
And so we suppose in the end, this is yet another case of Apple's standard security through obscurity.
Here's an application called SpoofCard:
SpoofCard allows smartphone users to spoof their caller ID. This is not exactly new. There was a bit of press coverage one year ago.
But what's now interesting to us is the variety of supported platforms: Android, BlackBerry, Palm, Windows Mobile and… iPhone.
Only, you won't find SpoofCard anywhere on Apple's website.
It's a Web App. All you need to do to "install" it is to visit ispoofcard.com with your iPhone's Safari browser.
SpoofCard's site will prompt you to save an icon to your iPhone's desktop.
At which point, for most, it appears to be just another installed application.
The iSpoofCard Web App calls a service which then facilities the actual spoofing, and the App does prompt for the user's permission before it calls. It's well behaved in that sense.
But we're curious, could social engineering be used to dupe people into giving permissions to an overtly malicious Web App? Can Web Apps access the iPhone contacts if given permission? Can Web Apps send SMS messages? Web Apps can make phone calls… how much social engineering do you think is required to get somebody to make a premium rate call?
But then… Web Apps aren't anywhere as popular as App Store applications. Even if Web Apps can be abused, they aren't likely to be, because iPhone users don't really use them.
And so we suppose in the end, this is yet another case of Apple's standard security through obscurity.
On 16/11/10 At 05:48 PM
Why You should remove spyware, malware and viruses from your PC?
Trojan horses are designed to allow a hacker remote access to a target computer system. Once a Trojan horse has been installed on a target computer system, it is possible for a hacker to access it remotely and perform various operations. The operations that a hacker can perform are limited by user privileges on the target computer system and the design of the Trojan horse.
Antivirus software is designed to detect and delete Trojan horses, as well as preventing them from ever being installed. Although it is possible to remove a Trojan horse manually, it requires a full understanding of how that particular Trojan horse operates. In addition, if a Trojan horse has possibly been used by a hacker to access a computer system, it will be difficult to know what damage has been done and what other problems have been introduced. In situations where the security of the computer system is critical, it is advisable to simply erase all data from the hard disk and reinstall the operating system and required software.