Toll Fraud on Smart Phones

A number of articles appeared this past week describing malware that generates text/SMS messages to premium services.

This issue was described as only affecting Android-based smart phones. The issue occurs when the user/consumer downloads an application containing the malware. The malware generates text messages to premium services and the consumer/user gets billed for the service. It isn't hard to see the same or similar malware making long calls to premium numbers. If malware did this at night, the calls would probably go undetected and this could be repeated for a number of nights, with the user only seeing the costs at the end of the month. With premium numbers costing dollars per minute, one night call could cost hundreds or even over $1,000. Imagine getting a bill for 30 of these at the end of the month. There may even be a way to generate multiple calls, for example, calling one destination and then conferencing in another premium number.

This could affect enterprises if the smart phone's cellular service is paid for by the enterprise. It would be interesting to see how an enterprise would handle this if the bill for a victimized user was in the $1,000s or $10,000 a month.
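One way an enterprise could spot the night-call pattern described above before the monthly bill arrives, as an added example that is not part of the original post. It covers only the voice-call case, and the record layout, premium prefix list, night window and thresholds are assumptions chosen for illustration:

```python
from collections import defaultdict
from datetime import datetime

# Assumptions for this sketch: NANP 1-900 numbers are premium rate; the
# night window, nightly cost limit and record layout are hypothetical.
PREMIUM_PREFIXES = ("1900",)
NIGHT_HOURS = range(0, 6)          # 00:00-05:59 local time
MIN_NIGHTS = 2                     # pattern repeated on at least this many nights
NIGHTLY_COST_LIMIT = 100.0         # dollars per device per night

# Constructed sample call detail records:
# (device, start time, dialed number, minutes, rate in $/minute)
SAMPLE_CDRS = [
    ("phone-a", "2024-03-04 02:10", "19005550100", 180, 3.00),
    ("phone-a", "2024-03-05 02:05", "19005550100", 175, 3.00),
    ("phone-a", "2024-03-05 14:30", "12125550123", 12, 0.00),
    ("phone-b", "2024-03-04 13:00", "19005550111", 4, 3.00),
    ("phone-c", "2024-03-04 23:50", "12125550199", 240, 0.00),
]

def is_premium(number):
    """True if the dialed number, ignoring punctuation, has a premium prefix."""
    digits = "".join(ch for ch in number if ch.isdigit())
    return digits.startswith(PREMIUM_PREFIXES)

def flag_toll_fraud(cdrs):
    """Return {device: {"nights": n, "cost": total}} for devices that made
    costly premium calls during night hours on MIN_NIGHTS or more dates."""
    nightly = defaultdict(lambda: defaultdict(float))   # device -> date -> cost
    for device, start, number, minutes, rate in cdrs:
        ts = datetime.strptime(start, "%Y-%m-%d %H:%M")
        if is_premium(number) and ts.hour in NIGHT_HOURS:
            nightly[device][ts.date()] += minutes * rate
    flagged = {}
    for device, per_night in nightly.items():
        costly = {d: c for d, c in per_night.items() if c >= NIGHTLY_COST_LIMIT}
        if len(costly) >= MIN_NIGHTS:
            flagged[device] = {"nights": len(costly), "cost": sum(costly.values())}
    return flagged

if __name__ == "__main__":
    for device, info in flag_toll_fraud(SAMPLE_CDRS).items():
        print(f"{device}: {info['nights']} nights, ${info['cost']:.2f}")
```

Run daily against the carrier's usage export, a check like this surfaces a compromised handset after the second night instead of at the end of the billing cycle.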

Seems like the issue only affects Android-based phones. From what I know, non-jailbroken Apple smart phones don't give applications the ability to generate phone calls.