iPhone open to iPhishing

By Nick Mansell on Mon 28 July 2008

iPhone 3G and SafariYou knew there'd be some teething problems with that shiny new iPhone didn't you? Sure enough, security researcher, Aviv Raff, has spotted a few issues with iPhone Mail and Safari (that's the browser Apple is always boasting is safer than Internet Explorer).

The problem comes when emails containing spoofed URLs are opened from Mail. The resultant page opens in Safari, still showing its spoofed web address. As Aviv puts it: "The spoofed URL, shown in the address bar of the Safari browser, will still be viewed by the victim as if it is from a trusted domain."

That's a flaw any phisher would give their left arm to exploit for extracting your bank, paypal, email and eBay details but thankfully Aviv isn't telling exactly how it's done. He's reserved those details for the tech guys at Apple who say they're now looking into it.

Apple's also acknowledged a problem that leaves Mail open to spam - in case you were wondering why you were getting all those p3nis enl4rgment emails.

[Aviv Raff]

Comments

Add your comment now

Post a reply to this thread

 

Please describe your emotions in making this comment:


Powered by reCAPTCHA

Unless you are a verified user, comments will be moderated before they appear. Comments submitted entirely in capital letters, containing advertising or excessive swearing will be rejected; please try to be polite. The best comments are relevant, factual and balanced; think about all aspects of the package, such as speed, connection quality and customer service. We reserve the right to edit comments.