Critical security flaw discovered in iPhone

The Safari web browser on the Apple iPhone only displays the first few characters of a URL.

A critical security flaw in the Apple iPhone which could lead to phishing attacks has been uncovered by security firm Fortify Software.

Because the Apple iPhone only displays the first few characters of a URL in its Safari web browser, it makes it much easier for phishers to hide a fraudulent URL at the end of the link without arousing suspicion, Fortify Software said.

The way that the Apple iPhone connects the web browser and the phone also makes it possible to embed scam telephone numbers, which you may be prompted to dial, within websites that you access.

"Not only does this vulnerability make it significantly easier for a phisher to dupe an Apple iPhone user, but it also has the potential to wreak financial havoc on mobile service providers faced with a sudden influx of fraud claims," Brian Chess, chief scientist at Fortify, wrote on his blog .

As it stands, Apple iPhone users can find themselves being the victims of relatively simple phishing techniques, Chess said. "This can happen either by accidentally clicking through to fraudulent websites or unwittingly making expensive premium line calls."

"Without immediate attention, this problem could lead to a deluge of hackers attempting to mimic native Apple iPhone applications and gain access to other personal information such as contacts, photos and maybe even the phone's physical location."

TOPICS