iPhone users warned of phishing threat
Published: 24 Jul 2008 11:04 BST
Security researcher Aviv Raff said on Wednesday that the iPhone's Mail and Safari applications are prone to URL spoofing and could allow phishing attacks against users.
The alert was anticipated. Prior to the release of the iPhone on 11 July, Raff was one of a few security researchers who indicated they had found vulnerabilities but were waiting to see the final iPhone 2.0 release.
By crafting a specially designed URL, Raff said an attacker could create an email link that appears in Mail to be from a trusted site — for example, a financial institution or social network. By clicking the link, Safari will open the phishing site. The issue affects users of iPhone 1.1.4 and 2.0.
Raff, who has informed Apple of the vulnerability, declined on his blog to offer more details until a patch is available.
Until then, Raff suggested iPhone users "avoid clicking on links in the Mail application which refers to trusted websites (eg, bank, PayPal, social networks, etc). Instead, a user should enter the URL of the website manually in the Safari application."
Credit: iPhone vulnerable to phishing attacks from CNET News.com
- Roundup: Apple's iPhone 3G goes on sale
- Photos: iPhone 3G hits London
- IT pros back iPhone 3G for business
- Loopt previews location-based iPhone app
- eBay shows off auction app for iPhone
- O2 releases iPhone 3G pricing for UK
- AT&T sacrifices profits to snare iPhone 3G users
- iPhone 3G: Does it do the business?
- Blog: 3G iPhone — the wait is over. Or is it?
- O2: iPhone 3G to take enterprise by storm
- Steve Jobs unveils the $199 iPhone 3G
- iPhone's open-heart surgery on the enterprise
Did you find this article useful?
0 out of 1 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
