iTWire - Why has Apple not fixed well known iPhone security problems?

IT&T JOBS|Discussion forum|Technology Events|IT Education|

Today on iTWire IT News Telecommunications People Our Blogs Tech Lifestyle Releases Science Sustainability MyProfile Whitepapers

Daily ICT Newsletter FREE TRIAL

Follow the Australian Telecommunications scene NEWSLETTER- FREE TRIAL

Technology news and Jobs

Information Technology News

Why has Apple not fixed well known iPhone security problems?

Why has Apple not fixed well known iPhone security problems?

E-mail

by Davey Winder
Friday, 03 October 2008
Page 2 of 2 The first vulnerability is a phishing one involving the iPhone's email application which can be used to view both HTML and plain text messages. In HTML mode, link text can be set so that it is different to the actual URL behind the link. Featured Whitepaper 5 Best Practices for Smartphone Support Most email clients avoid the obvious dangers this poses by displaying a hover tooltip showing the actual destination link no matter what the text itself may say. Not so the iPhone, which instead of a hover requires the user click the link itself for a tooltip. Raff argues that "because the iPhone screen is small, long URLs are automatically cut off in the middle. So, instead of hxxp://www.somedomain.com/verylongpath/verylongfilename, you will get in the tooltip something like www.somedomain.com/very...ilename." If an attacker sets a very long subdomain, which is cut off in the middle, it can look like a trusted domain and Safari for iPhone also shows what appears to be a trusted domain in the address bar when launched. Then there is the spamming vulnerability, which Raff is adamant is not just a trivial bug but a "pretty dumb design flaw" and one that was fixed by most every other mail client ages ago. Anyone remember the whole 'web bug' thing of many years back now? It also involves the viewing of HTML mail messages, this time which contain images. When you view that message a remote server request is made to grab the image. Best practise requires most clients to get user approval before such a remote image download is requested. Not the iPhone. Why is this a problem? Because, says Raff, if the images are downloaded automatically "the spammer who controls the remote server will know that you have read the message, and will mark your mail account as active, in order to send you more spam." Unfortunately there is no work around for the web bug spam issue, and Raff simply advises people not to use the iPhone mail application until it is fixed. The same advice applies to the phishing vulnerability, but if people insist on using iPhone mail they should be very "careful with the links" they click... Tags See All Tags Apple Davey Winder Phishing Security Spam Vulnerability iPhone Powered By Joomla Tags Please enable JavaScript in your browser to post your comment! << First page < 1 2 Next page > Last page - Post your comment >>

< Next story in category		Previous story in the category >

Sponsored Releases

Internet Security Predictions for 2010 from AVG (AU/NZ)

Frost & Sullivan Awards Websense Australian Secure Content Management Vendor of The Year

TANDBERG Awarded Australia Video Conferencing Vendor Of The Year By Frost & Sullivan

World Leader in IT Power Management Appoints Channel Partner for South Pacific

MicroStrategy Reporting Suite Provides Seamless BI Reporting for Microsoft Analysis Services

Thunderhead Appoints Phil Walker as Managing Director of Asia Pacific and Europe

Heathrow Airport Terminal 5 Live with Progress Software

...Promote your press-releases here

Latest jobs

	Visitors last 30 days	694,279
	Subscribers	15,210

#1 independent technology news advertise here

- Advertisement -

Featured Whitepapers

	5 Best Practices for Smartphone Support Worldwide shipments of smartphones reached a high of nearly 40 million units in the third quarter of 2008, helping to grow the category by 28% from the same quarter last year.
	Legacy Tools: Not For Today’s Helpdesk Why applications like RDP, VPNs and VNC may be costing you time, money and end-user satisfaction.

Today on iTWire

Follow iTWire on Twitter

About iTWire

iTWire is all about technology news, information, jobs and community for the IT and telecommunications industry professional. Subscribe to our free ICT daily newsletter

website free tracking