Researchers from the University of California at Davis warned attendees at the Usability, Psychology and Security Conference 2008 on Friday that browsers found in the Wii and iPhone have more security issues than their desktop counterparts [PDF link].
According to the researchers, both the Wii's Opera browser and the iPhone's Safari browser create environments that make users more likely to click on links than input them into the address bar due to their dislike of onscreen keyboards.
Simple Java hack
The researchers also found that vendors are more likely to reduce the number of security measures included in mobile browsers. They said that a simple piece of JavaScript could remove the address bar from the iPhone's Safari screen and put users at risk.
To make matters worse, the researchers were also able to change the domain name in the Wii and Safari browsers to look more legitimate and fool people into believing they were on a safe site when they were not.
Phishing filter please
In order to rectify the situation, the researchers do not believe the companies should update the browsers or even port the full desktop versions to the devices. Instead, they called on both Opera and Apple to run all pages through a proxy to filter out phishing scams before the site reaches the user.
Neither Apple nor Opera has commented on the findings and there is currently no indication that better security measures will be added to either browser. So it's still a case of surfer beware.
