Softpedia
 
HomepageWindowsGamesDriversMacLinuxScripts buttonMobileHandheldNews

NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>
Home > News > Security > Spam Reports

July 25th, 2008, 08:57 GMT · By George Craciun

iPhone 2.0 Vulnerable to Spam and Phishing

SHARE:

Adjust text size:


Phishing and Spam vulnerabilities discovered in iPhone 2.0
Enlarge picture
According to security researcher Aviv Raff, the iPhone's Mail and Safari software applications are vulnerable to URL Spoofing. What this means is that an attacker can exploit said vulnerabilities and conduct a phishing attack on the user. The problem is not a new one, except that Aviv Raff and a handful of other security researchers were waiting to see if the newly launched iPhone 2.0 would have the same security vulnerabilities as previous models.

"By creating a specially crafted URL, and sending it via an email, an attacker can convince the user that the spoofed URL, showed in the mail application, is from a trusted domain (e.g. Bank, PayPal, Social Networks, etc.). When clicking on the URL, the Safari browser will be opened. The spoofed URL, showed in the address bar of the Safari browser, will still be viewed by the victim as if it is of a trusted domain," said Aviv Raff.

This is a security issue with the Mail and Safari applications on iPhone 1.1.4 and 2.0, as well as earlier versions.

Raff has not released to the general public any technical information about the vulnerabilities as he is willing to give the researchers at Apple time to come up with a fix. If you are a security vendor and would like additional information on this matter, he is willing to share it with you as long as you contact him.

What should you, as a user, do in order not to fall victim to a phishing attack? Well, if you receive an e-mail message that asks you to update your security credentials and provides a link, do not click on it. What you should do instead is manually enter the site's URL and access your account, which is pretty much the best thing you can do no matter from where you access the web.

According to Apple, the fact that the iPhone can be spammed as well, not just phished, is a security issue. "This is a basic security design flaw which might already be exploited in-the-wild. iPhone users should consider stop using the Mail application until Apple fixes this issue, unless they want to be spammed," says Aviv Raff.
FILED UNDER:
iPhone
phishing
spam
security

TELL US WHAT YOU THINK:

1,324 hits · Link to this article · Print article · Send to friend · Subscribe to news

MUST-READ RELATED ARTICLES:


FiberWAN Network Admin Hands Over Password
Encrypted Data Makes Gmail Safer
Colorado Spam King Killing Spree
RiftVault Offers Government-Level Encryption for Your Data
Optus Unveiled Its Totally Unlimited Plan and Its SecureCam Monitoring Solution

READER COMMENTS:



No user comments yet.
Be the first to express your opinion!
Copyright © 2001-2012 Softpedia. Contact/Tip us at

WindowsGamesDriversMacLinuxScriptsMobileHandheldNews

SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   UPDATE YOUR SOFTWARE   |   ROMANIAN FORUM
© 2001 - 2012 Softpedia. All rights reserved.
Softpedia® and the Softpedia® logo are
registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use