iPhone vulnerable to phishing attacks

Researcher cites "trusted" malicious links within Mail could open phishing sites in Safari.

Security researcher Aviv Raff said on Wednesday that the iPhone's Mail and Safari applications are prone to URL spoofing and could allow phishing attacks against iPhone users.

The alert was anticipated. Prior to the release of the iPhone on July 11, Raff was one of a few security researchers who indicated they had found vulnerabilities but were waiting to see the final iPhone 2.0 release.

By crafting a specially designed URL, Raff says an attacker could create an e-mail link that appears in Mail to be from a trusted site (a financial institution or social network). By clicking the link, Safari will open to the phishing site. The issue affects users of iPhone 1.1.4 and 2.0.

Raff, who has informed Apple of the vulnerability, declined on his blog to offer more details until a patch is available.

Until then, Raff suggests iPhone users "avoid clicking on links in the Mail application which refers to trusted Web sites (e.g. bank, PayPal, social networks, etc.). Instead, a user should enter the URL of the Web site manually in the Safari application."

Featured Video
6
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

Man flies 54-propeller superdrone, almost flips it, Ep. 217

This week on Crave, we walk you through a futuristic new automated restaurant in San Francisco, get navigation directions from the sultry voice of Stephen Colbert on Waze, and fly a drone with 54 propellers that can carry a full-grown man. It's the Crave show!

by Stephen Beacham