Go to the Softpedia homepage


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
Home / News / Security / Spam Reports

Spam Reports

iPhone 2.0 Vulnerable to Spam and Phishing

As discovered by security researcher Aviv Raff

By George Craciun, Security News Editor

25th of July 2008, 08:57 GMT

Adjust text size:


Phishing and Spam vulnerabilities discovered in iPhone 2.0
Enlarge picture
According to security researcher Aviv Raff, the iPhone's Mail and Safari software applications are vulnerable to URL Spoofing. What this means is that an attacker can exploit said vulnerabilities and conduct a phishing attack on the user. The problem is not a new one, except that Aviv Raff and a handful of other security researchers were waiting to see if the newly launched iPhone 2.0 would have the same security vulnerabilities as previous models.

"By creating a specially crafted URL, and sending it via an email, an attacker can convince the user that the spoofed URL, showed in the mail application, is from a trusted domain (e.g. Bank, PayPal, Social Networks, etc.). When clicking on the URL, the Safari browser will be opened. The spoofed URL, showed in the address bar of the Safari browser, will still be viewed by the victim as if it is of a trusted domain," said Aviv Raff.

This is a security issue with the Mail and Safari applications on iPhone 1.1.4 and 2.0, as well as earlier versions.

Raff has not released to the general public any technical information about the vulnerabilities as he is willing to give the researchers at Apple time to come up with a fix. If you are a security vendor and would like additional information on this matter, he is willing to share it with you as long as you contact him.

What should you, as a user, do in order not to fall victim to a phishing attack? Well, if you receive an e-mail message that asks you to update your security credentials and provides a link, do not click on it. What you should do instead is manually enter the site's URL and access your account, which is pretty much the best thing you can do no matter from where you access the web.

According to Apple, the fact that the iPhone can be spammed as well, not just phished, is a security issue. "This is a basic security design flaw which might already be exploited in-the-wild. iPhone users should consider stop using the Mail application until Apple fixes this issue, unless they want to be spammed," says Aviv Raff.

TAGS:

 iPhone | phishing | spam | security


Rating:
NOT RATED 0 vote(s) so far    

Read by 446 user(s) | Add comment | Link to this article
Subscribe to news | Print article | Send to friend

© Copyright 2001-2008 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


IPCop 1.4.20 Released

The Bourne Conspiracy - Passport Locations

SanDisk Rolls out Memory Cards Featuring Unaltered Data Storage

Intel Unveils New SoC Solution

Prepare for Mac Virus Infection, Says Sophos

Optus Unveiled Its Totally Unlimited Plan and Its SecureCam Monitoring Solution

RiftVault Offers Government-Level Encryption for Your Data

Colorado Spam King Killing Spree

Encrypted Data Makes Gmail Safer

FiberWAN Network Admin Hands Over Password

User opinions:

No user comments yet.
Be the first to express your opinion using the form below!

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 






SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and the Softpedia™ logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive