iPhone vulnerable to phishing attacks

Researcher cites "trusted" malicious links within Mail could open phishing sites in Safari.

by Robert Vamosi July 23, 2008 3:06 PM PDT

Security researcher Aviv Raff said on Wednesday that the iPhone's Mail and Safari applications are prone to URL spoofing and could allow phishing attacks against iPhone users.

The alert was anticipated. Prior to the release of the iPhone on July 11, Raff was one of a few security researchers who indicated they had found vulnerabilities but were waiting to see the final iPhone 2.0 release.

By crafting a specially designed URL, Raff says an attacker could create an e-mail link that appears in Mail to be from a trusted site (a financial institution or social network). By clicking the link, Safari will open to the phishing site. The issue affects users of iPhone 1.1.4 and 2.0.

Raff, who has informed Apple of the vulnerability, declined on his blog to offer more details until a patch is available.

Until then, Raff suggests iPhone users "avoid clicking on links in the Mail application which refers to trusted Web sites (e.g. bank, PayPal, social networks, etc.). Instead, a user should enter the URL of the Web site manually in the Safari application."

Don't Miss

Another idea for Apple's rumored TV: An 'iDevice'
Apple
Here comes Yahoo's own Web browser -- Axis
Internet & Media
The secret of how to live at AOL (pictures)
Slideshow
Review: Is new Cyber-shot the top compact camera?
Review

Apple Byte

Is 4 inches big enough?...for the iPhone

Size matters in the smartphone world, and new parts hint at a 4-inch iPhone and iPod Touch. Also this week, IBM's not a fan of Siri, and get jamming on the gTar.

Play Video

iPhone vulnerable to phishing attacks

Don't Miss

Featured Posts

Most Popular

About Security & Privacy

RSS

my Yahoo

Google

MSN

CNET Mobile Apps