back to article iPhone becomes phisherman's friend

Security shortcomings in the design of Apple's iPhone might make it easier to mount phishing and cross-site scripting attacks. The iPhone's email client only displays the first few characters of a weblink, a factor researchers at Fortify Software warn makes it easier to hide a fraudulent URL at the end of a link without …

COMMENTS

This topic is closed for new posts.
  1. Steve

    WTF ?

    A non drooling iPhone article unaccompanied by iFanboy flamage ? Is something broken ?

  2. elder norm

    Quick, run for the hills

    Hmmmm, all this sounds interesting, but mostly, it sounds like so much BS.

    I can see phishing by hiding your real web site. They do that on your computer right now. But I find it hard to believe that they can uncover passwords from your iPhone just by you visiting a web site.

    PS, how come no one ever discovered this before with Safari???

    "Show me the money!" :-)

  3. Webster Phreaky

    Bwah ha ha ha ha ha .. iPhone piece of sh!t - told you so.

    This is just too iPhunny .... Apple you make my day .... everyday you realease a new Flakey, Flawed, Buggy product (all made in China)

  4. Nexox Enigma

    Re: Quick, run for the hills

    The password recovery thing is just something that El Reg (and possibly others of journalistic intent, can't say that I've bothered to read their articles) brings up over and over when a new minor iphone risk comes out. It happened like the day after the phones were released by running the unix command 'strings' on a backup file that itunes makes to recover the device, should it die. Strings turned up the contents of a /etc/shadow or /etc/passwd file, and people were able to brute force the passwords rapidly. Not that they got much for their efforts, as I am not aware of any use for the two passwords embedded in the device yet.

  5. Paul van der Lingen

    heh

    and every day Webster Phreaky posts some inane drivel

    Please Webster - won't you do us all a favour and get a decent browser with a spell checker?

  6. Steve

    Arrgh! It's happening again!

    "But I find it hard to believe that they can uncover passwords from your iPhone just by you visiting a web site."

    Did you read the same article as me ? Because I don't see that mentioned at all. Dodgy URLs yes, ability to reveal passwords by same, not there.

    The password thing is mentioned in a paragraph near the end, which is by way of being what we call 'a summary'. This is like the "previously, on [your favourite TV show, probably Buffy]" bits on television, only in the form of writing.

  7. Register Reader

    Oh FFS (getting to be a common sentiment for iPhone articles on the Reg these days)

    So now they're complaining because you can't see a full URL while browsing (valid I guess, but isn't that the same for any phone because of the small screen?), and complaining because you can dial phone numbers easily. Because *gasp* some of the phone numbers may be premium rate!!!! I have the same thing on my PC where it links to Skype. If I'm dumb enough to dial up a premium number then that's my own fault, not a design flaw..?

    And also they're saying that people may try to copy the iPhone interface on a website to dupe someone into .. doing.. something...??? How is that any different to Windows where a popup pops up and says "OMGZZ!!! j0-00 have a v1ruz0rz1nfection1!!!111!!zzz!!" (sadly, people do actually fall for it, I've seen it happen -_- )?

    Social engineering attacks are not the same as actual exploits/bugs. Things can be done to reduce the likelihood of them succeeding, mostly those involve user education..... either that or seriously restricting what the users can actually do.

  8. Steve

    @Register Reader

    "Things can be done to reduce the likelihood of them succeeding, mostly those involve user education"

    Yes, well spotted, and that's why the media report these things. No reportage, no dissemination, no education.

    I mean, like, duh !

  9. Conway

    Never in the history of human conflict..

    .. has such a small device had to deal with such focussed attempts to crack it. The best anyone has manged so far is to get the wi-fi / mp3 bits of it to work without activation which makes it a very expensive Mp3 player with wi-fi. I don't think it will be a popular hack. The next best thing is to discover a couple of passwords, but no one seems quite sure what they do (if indeed, they do anything).

    I am never going to own one of these things but I always like to side with the underdog and with so many security experts (crackers/hackers by any other name) picking on this thing I am beginning to root for it.

    Go iPhone go, you can resist.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2022