SANS Cautions Against iPhone Phishing Danger

The mobile community has grown far too large to think that scammers, hackers, and virus-peddling scoundrels would avoid the mobile crowd forever.

According to a new chunk of cautionary advice posted on the SANS Application Security Street Fighter Blog, identity thieves are taking aim at iPhone users with more aggressive phishing schemes.

For example, malicious web applications “can spoof User Interface elements to display arbitrary URLs thus tricking the user to thinking he or she is browsing a trusted site.”

Security researcher Nitesh Dhanjani warns that today’s most popular web browsers continue to fall prey to tactics scammers have devised to capitalize on limited screen real estate and, consequently, to trick users into visiting sites they would never knowingly choose to visit.

Dhanjani recommends staying diligently mindful of your digital travels, but the only long-term strategy for combating these security threats is to rely on iOS developers and Apple to address the weaknesses cyber criminals exploit.

“It is clear that developers of iOS applications need to make sure they display the ultimate domain from which the application renders web content. A welcome addition to this would be default behavior on part of UIWebView to display the current domain context in a designated and consistent location,” Dhanjani writes.

“Given how rampant phishing and malware attempts are these days, I hope Apple chooses to not allow arbitrary web applications to scroll the real Safari address bar out of view.”
