Slashdot Mirror

← Back to Stories (view on slashdot.org)

Scammers Can Hide Fake URLs On the iPhone

Posted by Soulskill on from the don't-believe-everything-you-see dept.

CWmike writes "Exploiting an Apple interface design, identity thieves can hide URLs on the iPhone's limited screen real estate, tricking users into thinking they're at a legitimate site, a security researcher said on Monday. Nitesh Dhanjani demonstrated how criminals can easily hide the true URL of a site from users by building a malicious Web application. 'Note that on the iPhone, this only happens for sites that follow directives in HTML to advertise themselves as mobile sites,' said Dhanjani on his personal blog and in an entry on the SANS Institute's blog. The ability to hide the address bar in iOS is by design, noted Dhanjani, who said he had reported the problem to Apple. 'I did contact Apple about this issue and they let me know they are aware of the implications but do not know when and how they will address the issue,' he said."

6 of 68 comments (clear)

  1. And now for something completely different: by Aerorae · · Score: 5, Insightful

    In other news, Apple tells the world it has the most perfectly designed mobile devices in the world. No in all honesty 90% of web surfers never look at the address anyways. They click a link and expect that it takes them where it says it will. So I wouldn't call this an Apple issue, as they designed their interface with this fact in mind, so much as a consequence of user behavior and a company that is happy to oblige to supporting bad habits.

  2. Yeah... by The+MAZZTer · · Score: 3, Insightful

    This is why modern browsers ignore such directives. Remember the window.open parameter that allowed you to hide the url bar? Yeah, only IE8 respects that switch now, all modern browsers ignore it and show the bar anyway.

  3. Re:No "Hover" by JesseDegenerate · · Score: 3, Informative

    How is that? When i press on a link and hold down, on my iphone, it gives me the full address, the option to copy the link, open the link, or open in a new page. I guess i'm special!

  4. Re:No "Hover" by farnsworth · · Score: 4, Insightful

    On most browsers/clients/systems - you can "hover" over a hyperlink and see the URL it's going to. Not so with iOS

    If you touch-and-hold a url in mobile safari, you are presented with popup that contains the complete url.

    --

    There aint no pancake so thin it doesn't have two sides.

  5. Re:I guaran-goddamn-tee you ... by Lehk228 · · Score: 3, Funny

    by tricking you into FTPing into your bank?

    --
    Snowden and Manning are heroes.
  6. Android too by L4t3r4lu5 · · Score: 3, Informative

    The stock Android browser hides the address bar, so you need to scroll up slightly to see it. That's all that this attack is relying on. My HTC Desire does it.

    This isn't an Apple problem, this article is an Apple-bashing troll. Kill it.

    --
    Finally had enough. Come see us over at https://soylentnews.org/