Apple’s iPhone is vulnerable to attack, according to the boffins at one security firm. Fortify Software claims to have uncovered a critical security vulnerability in the iPhone which could lead to phishing and cross-site scripting attacks.
The problem occurs because the iPhone only displays the first few characters of a web link, which makes it much easier for phishers to hide a fraudulent URL at the end of the link without arousing suspicion.
The way that the iPhone connects the web browser and the phone also enables scam telephone numbers to be embedded within sites, which the user may be prompted to dial.
“Not only does this vulnerability make it significantly easier for a phisher to dupe an iPhone user, but it also has the potential to wreak financial havoc on mobile service providers faced with a sudden influx of fraud claims,” said Brian Chess, chief scientist at Fortify.
“As it stands, iPhone users can find themselves being the victims of relatively simple phishing techniques, either by accidentally clicking through to fraudulent websites or unwittingly making expensive premium line calls.”
Fortify said that without immediate attention, this problem could lead to a deluge of hackers attempting to mimic native iPhone applications and gain access to other personal information such as contacts, photos and maybe even the phone’s physical location.
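Both link problems described above, a real host pushed past the visible part of a URL and a dialled number that differs from the one shown, can be checked for when auditing a page's links. The JavaScript below is an added example, not code from Fortify or Apple; the 30-character display width, the finding names and the sample links are assumptions constructed for illustration.

```javascript
// Assumed number of URL characters a narrow display shows; the article gives no figure.
const VISIBLE_CHARS = 30;

const digits = (s) => s.replace(/\D/g, "");

// Returns a list of findings for one link: { href, text }.
function auditLink({ href, text }) {
  const findings = [];

  if (/^tel:/i.test(href)) {
    const dialled = digits(href.slice(4));
    const shown = digits(text);
    if (!shown) {
      findings.push("tel-number-hidden");      // user cannot see what will be dialled
    } else if (!dialled.endsWith(shown) && !shown.endsWith(dialled)) {
      findings.push("tel-mismatch");           // shown number is not the dialled one
    }
    return findings;
  }

  let url;
  try { url = new URL(href); } catch { return ["unparseable"]; }

  // Userinfo before '@' can look like a trusted host name.
  const userinfo = url.username
    ? url.username + (url.password ? ":" + url.password : "") + "@"
    : "";
  if (userinfo) findings.push("userinfo-in-url");

  // If the host name ends beyond the visible width, the part that decides
  // where the request really goes is cut off.
  const hostEnd = (url.protocol + "//" + userinfo + url.host).length;
  if (hostEnd > VISIBLE_CHARS) findings.push("host-truncated");

  return findings;
}

// Constructed sample links (reserved example domains and 555-01xx numbers).
const samples = [
  { href: "http://www.bank.example.com.secure-login.session.attacker.example/login",
    text: "www.bank.example.com" },
  { href: "https://www.example.com/account", text: "My account" },
  { href: "tel:+19005550100", text: "Call 1-800-555-0199" },
  { href: "tel:+18005550199", text: "800-555-0199" },
];
for (const s of samples) console.log(s.href, "=>", auditLink(s));
```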