Web ad tried to make my iPhone spaff a premium-rate text, says snapper
This is why everyone's blocking adverts
A bloke in Scotland reckons a dodgy web advert tried to trick him into sending a text message from his iPhone to a premium-rate number.
It's feared more unscrupulous ad networks could use the same technique to trip up Apple fans and rack up larger than expected phone bills.
Andrew Smith – an ex-Reg writer, news photographer, and all-round geek living in Inverness – described on his CityTog blog how tapping on an image link on Reddit led his iPhone's browser to a picture-hosting website, which had an ad that irritatingly opened up the App Store. After closing that, another ad on the page somehow popped open the Messages app, complete with a text and number filled in, the snapper said.
All Smith had to do was tap on "Send" and he'd be signed up an £18 ($30) a month subscription, it seems. When he closed the Message app, forget about it all, and later opened it again to send a message to his mum, the spammy text was still there in the input box, he added. It can be deleted by hand – but that's another irritation.
Smith told us his 16GB iPhone 6 Plus is running iOS 8.4, and is not jailbroken.
The attempted SMS spamming
"Somehow my phone had ended up with this message set as a kind of default reply," Smith wrote on Tuesday. "Obviously I could just delete that message, but how annoying."
Thomas Reed, director of Mac offerings for security biz Malwarebytes, said this particular spammy technique was new to him. While malicious ads and webpages have been able to open up iTunes and the iOS App Store, the ability to compose a recipient and body for an SMS message is a troubling development.
"It is definitely concerning that someone has found a way to fill in the recipient and body of the message," Reed told The Register. "There are all sorts of opportunities for abuse there."
Reed notes that with the ability to fill in text fields and recipients, an attacker could not only trick users into sending spam to others, but also signing up for premium-rate subscriptions that have expensive monthly charges.
Reed recommends iOS users update their devices to iOS 9 and install one of the newly sanctioned ad-blocker apps to prevent malicious ads on pages from running their scripts.
"It sounds from this story that the problem was an ad on the page," he said. "The best thing to do to avoid this kind of thing is just install an ad blocker."
Well played, advertisers. Well played. This is why people are blocking ads. Apple does not respond to requests for comment. ®