Feeds

iPhone becomes phisherman's friend

Embedded scam risk unearthed

The Essential Guide to IT Transformation

Security shortcomings in the design of Apple's iPhone might make it easier to mount phishing and cross-site scripting attacks.

The iPhone's email client only displays the first few characters of a weblink, a factor researchers at Fortify Software warn makes it easier to hide a fraudulent URL at the end of a link without arousing suspicion.

The mechanism the iPhone uses to link between web browser and telephone functions also makes it easier to embed scam telephone numbers within sites, which a user may be prompted to dial.

Fortify says the security shortcomings of the iPhone mean users are exposed to risk from relatively simple phishing techniques, either by accidentally clicking through to fraudulent websites or unwittingly making expensive premium line calls.

"Without immediate attention, this problem could lead to a deluge of hackers attempting to mimic native iPhone applications and gain access to other personal information such as contacts, photos, and maybe even the phone's physical location," Fortify chief scientist Brian Chess said.

Since the much-hyped release of the iPhone earlier this month, security researchers and white hat hackers have been hard at work attempting to spot security vulnerabilities in Apple's device. Early probing unearthed ways to subvert the device's browser and uncover passwords hiding in Apple software.

Others hackers have been trying to unlock the functionality of the iPhone. Reverse engineer Jon Lech Johansen (DVD Jon) discovered a way to get iPod and Wi-Fi - though not the phone - features of the device working without signing up to AT&T within three days of its release.

The iPhone Development Project claims to have replicated this and has set out a programme of goals, including the ability to unlock the phone and run third party applications on the device. ®

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Tor attack nodes RIPPED MASKS off users for 6 MONTHS
Traffic confirmation attack bared users' privates - but to whom?
Multipath TCP speeds up the internet so much that security breaks
Black Hat research says proposed protocol will bork network probes, flummox firewalls
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.