Featured Articles

IHS teardown reveals Galaxy S5 BOM

IHS teardown reveals Galaxy S5 BOM

Research firm IHS got hold of Samsung’s new flagship smartphone and took it apart to the last bolt to figure out…

More...
Galaxy S5, HTC One M8 available selling well

Galaxy S5, HTC One M8 available selling well

Samsung’s Galaxy S5 has finally gone on sale and it can be yours for €699, which is quite a lot of…

More...
Intel lists Haswell refresh parts

Intel lists Haswell refresh parts

Intel has added a load of Haswell refresh parts to its official price list and there really aren’t any surprises to…

More...
Respawn confirms Titanfall DLC for May

Respawn confirms Titanfall DLC for May

During his appearance at PAX East panel and confirmed on Twitter, Titanfall developer Respawn confirmed that the first DLC pack for…

More...
KFA2 GTX 780 Ti Hall Of Fame reviewed

KFA2 GTX 780 Ti Hall Of Fame reviewed

KFA2 gained a lot of overclocking experience with the GTX 780 Hall of Fame (HOF), which we had a chance to…

More...
Frontpage Slideshow | Copyright © 2006-2010 orks, a business unit of Nuevvo Webware Ltd.
Tuesday, 30 November 2010 10:46

Apple's faith based security takes another hit

Written by Nick Farell
apple

Flaw allows scammers into iPhone OS
A security flaw, er feature, in Apple's iPhone OS allows ID thieves to trick the iPhone into thinking it is looking at a legitimate site.

Insecurity researcher Nitesh Dhanjani has been showing off how criminals can easily hide the true URL of a site from users by building a malicious Web application. Dhanjani showed how legitimate Web applications such as Bank of America's mobile banking application hide Safari's address bar after rendering the page.

Developers have to use this technique often because of the limited screen real estate on mobile devices like the iPhone. But Identity thieves and scammers could apply the same practice to conceal the actual URL of a fake site they've created and then duped users into visiting.

Dhanjani has reported the problem to Apple but it had not given any indication that they would fix the problem. Apple needs to modify iOS to prevent Web applications from hiding the URL, he said.

Dhanjani uncovered an Apple Safari vulnerability in 2008 that could be exploited with "carpet bomb" attacks. Apple initially told Dhanjani that it didn't consider the problem a security issue, it later issued a patch after others, including Microsoft, warned users to stop running Safari.

Jobs' Mob continues to claim it does not have security problems and that viruses only happen on Windows machines.
Last modified on Tuesday, 30 November 2010 11:58
blog comments powered by Disqus

Comments  

 
-22 #1 hellfire 2010-11-30 13:22
well..you cant install anything on iOS device not from the app-store so actual spyware\viruses or other malware just cant get in...so whats the problem? Or just "one bad-iphone news per day makes Nick feel ok?"

go write some news instead
 
 
+14 #2 Warhead 2010-11-30 14:21
Quote:
A security flaw, er feature


LOL! Looking forward to Job's comments...er denials about this....
 
 
+12 #3 nECrO 2010-11-30 18:23
Quoting hellfire:
well..you cant install anything on iOS device not from the app-store so actual spyware\viruses or other malware just cant get in...so whats the problem? Or just "one bad-iphone news per day makes Nick feel ok?"

go write some news instead




Go back and read the article and you'll see the rather big point you missed the first time. Nowhere does it say anything about installing anything, spyware or otherwise. If an IPhone user visits a bogus site, the owner will never know because the URL will be hidden. Understand? Or too many big, non-Apple approved words?
 
 
+10 #4 yasin 2010-11-30 18:51
Quoting hellfire:
well..you cant install anything on iOS device not from the app-store so actual spyware\viruses or other malware just cant get in...so whats the problem? Or just "one bad-iphone news per day makes Nick feel ok?"

go write some news instead

this is news.and you clearly can read well can you.completely missed the point.its about web address masking, not installing things.
 
 
+6 #5 thomasg 2010-11-30 22:19
Quoting hellfire:
well..you cant install anything on iOS device not from the app-store so actual spyware\viruses or other malware just cant get in...so whats the problem? Or just "one bad-iphone news per day makes Nick feel ok?"

go write some news instead


For instance, someone could set up a site that looks identical to your bank's, and then when you go to "login" with your account info, you're really just handing it over to criminals, which is way worse then some adware or something.
 

To be able to post comments please log-in with Disqus

 

Facebook activity

Latest Commented Articles

Recent Comments