How secure is iPhone 3.1? Latest security scare is phishing

Published on Thursday, September 10th by Cian

iphone-fishingWhat’s this? Another iPhone security scare? These seem to pop up and then blow away every couple of weeks. The most recent scare story surrounding Apple actually concerns an apparent failure of Apple to live up to a promise. In this case, the promise was that there would be effective anti-phishing technology for Mobile Safari under the new iPhone 3.1 update.

Phishing?

Just in case you hadn’t heard of it, phishing is a form of on-line fraud. There are a lot of different kinds of phishing, some more sophisticated others. But the basic phishing scam is when someone attempts to acquire information from you like passwords, credit card details and usernames by pretending to be a trustworthy source, like your bank.

So what’s the problem with 3.1?

The problem centers around a Google initiative to prevent on-line fraud, called SafeBrowsing. If you’re a Firefox user, you’ve probably seen this pop up from time to time:

picture-13

That’s the automatic SafeBrowsing function blocking a malicious URL or phishing site, and sending you a warning. The same software is used by Apple’s on-line browser, Safari, to protect browsers. But Michael Sutton, VP of security research at Web security firm Zscaler, claims that these functions don’t work properly on Safari Mobile for 3.1. His problems with Safari Mobile break down into two parts:

1) While Safari uses the anti-phishing part of the service, it neither blocks malicious URLs nor warns you about them. The potential security risk, he claims, comes from naked browser attacks. These are attack sites which all browsers equally, and could easily exploit the mobile version of the Safari browser, and potentially do serious damage to iPhone users.
2) Sutton claims that the anti-phishing service doesn’t actually work. He took his iPhone for a walk through some validated phishing sites, and found that not even one of them was blocked on Safari Mobile, and no warnings were sent.

What we think?

Ehhhhhh. So many security scares happen around iPhone that it’s hard to know when to listen and when to shrug them off. Remember that text messaging thing? This phishing problem sounds serious, but then they all sound serious. My advice on this would be the same as to someone browsing on the on-line version of Safari: just be careful and don’t give out any details unless you are completely positive it’s safe. You’ll probably be all right.

This article was published in Featured, Mobile OS, Mobile Web, iphone, mobile browsers, mobile news and tagged , , , , , , , , , . Bookmark the permalink.

One Response to How secure is iPhone 3.1? Latest security scare is phishing

  1. Pingback: Monday Morning Mobile Catchup – September 14/09 | Mobile Strategy

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>