Scammers Can Hide Fake URLs On the iPhone

CWmike writes "Exploiting an Apple interface design, identity thieves can hide URLs on the iPhone's limited screen real estate, tricking users into thinking they're at a legitimate site, a security researcher said on Monday. Nitesh Dhanjani demonstrated how criminals can easily hide the true URL of a site from users by building a malicious Web application. 'Note that on the iPhone, this only happens for sites that follow directives in HTML to advertise themselves as mobile sites,' said Dhanjani on his personal blog and in an entry on the SANS Institute's blog. The ability to hide the address bar in iOS is by design, noted Dhanjani, who said he had reported the problem to Apple. 'I did contact Apple about this issue and they let me know they are aware of the implications but do not know when and how they will address the issue,' he said."

And now for something completely different:

[Aerorae]

In other news, Apple tells the world it has the most perfectly designed mobile devices in the world. No in all honesty 90% of web surfers never look at the address anyways. They click a link and expect that it takes them where it says it will. So I wouldn't call this an Apple issue, as they designed their interface with this fact in mind, so much as a consequence of user behavior and a company that is happy to oblige to supporting bad habits.

Re:No "Hover"

[farnsworth]

On most browsers/clients/systems - you can "hover" over a hyperlink and see the URL it's going to. Not so with iOS

If you touch-and-hold a url in mobile safari, you are presented with popup that contains the complete url.