Slashdot Mirror

← Back to Stories (view on slashdot.org)

Scammers Can Hide Fake URLs On the iPhone

Posted by Soulskill on from the don't-believe-everything-you-see dept.

CWmike writes "Exploiting an Apple interface design, identity thieves can hide URLs on the iPhone's limited screen real estate, tricking users into thinking they're at a legitimate site, a security researcher said on Monday. Nitesh Dhanjani demonstrated how criminals can easily hide the true URL of a site from users by building a malicious Web application. 'Note that on the iPhone, this only happens for sites that follow directives in HTML to advertise themselves as mobile sites,' said Dhanjani on his personal blog and in an entry on the SANS Institute's blog. The ability to hide the address bar in iOS is by design, noted Dhanjani, who said he had reported the problem to Apple. 'I did contact Apple about this issue and they let me know they are aware of the implications but do not know when and how they will address the issue,' he said."

2 of 68 comments (clear)

  1. I guaran-goddamn-tee you ... by Daniel+Dvorkin · · Score: 0, Offtopic

    ... that Chrome's protocol-hiding will cause similar problems one of these days. I don't know how, I don't know when, I don't know where -- but I do know that someone's going to use it to cause harm.

    --
    The correlation between ignorance of statistics and using "correlation is not causation" as an argument is close to 1.
  2. Not much of a issue by huzur79 · · Score: 0, Offtopic

    Seems like no one really read the article. Its not a problem with Safari. If a user opens a web page in Safari they dont lose the URL bar. Its in app access to browsing using API's to hide the URL after a page in a App has loaded. Users only get to see it for a few seconds. I still think its a non issue because Apps are so controlled on Apple it would be a stroke of luck for some one to get a App that did abuse that to steal peoples info, it would be busted quickly if it did some how get pass that App Approval nazi's and quickly pulled. If such a rare thing did happen it could spark Apple to use the auto remove back door of any apps of that nature installed for the first time. Sometimes its great using a device that is highly controlled because I have no reason to worry about this at all with the current state of App approvals. The flaw would be horrible on a more open less controlled market space though.