They’re out to get you. Hackers the world over are gunning for the iPhone – and not all of them are working for the good guys (unlocking the iPhone to work on non-AT&T networks is a good thing). Security firm Fortify Software reveals a couple of things about the iPhone that make a hacker’s job a little easier. We’re using the term “hacker” a bit loosely here – these security holes are really more like phishing vulnerabilities.
For one thing, your iPhone won’t display the URL of a link embedded into an email, making it easier to trick you into pointing your Safari browser to a scam-a-licious website. Which brings us to our next security flaw. The address bar in Safari displays only a partial URL, making it even easier to disguise said scam-a-licious site.
And then there’s the integration of Safari into the iPhone. Brian Chess explains that, “you can embed a telephone number in a web page like this:
<a id="phone_home" href="tel:1-900-867-5309">call me!</a>
You can also write JavaScript that causes the iPhone to initiate the dialing process:
<script>
window.document.url = "tel:1-900-867-5309"
</script>”
Now that’s a sobering thought – to think that the iPhone’s dialing function can be hijacked via JavaScript. But then again, you are prompted to initiate the call. We’re gonna say that the iPhone is still a fairly secure platform.
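A mail- or proxy-side check for the behaviours described above (link targets the client does not show, tel: links, and tel: URIs set from script), as an added Python example that is not from Fortify or the original post. The function names, finding labels and the example.com/example.net link are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

HOST_RE = re.compile(r"(?:https?://)?(?:www\.)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)
TEL_RE = re.compile(r"tel:([0-9+().\- ]+)", re.I)
# Constructed sample: the page's two tel: snippets plus a made-up mismatched link.
SAMPLE = ('<a id="phone_home" href="tel:1-900-867-5309">call me!</a>'
          '<script>window.document.url = "tel:1-900-867-5309"</script>'
          '<a href="http://login.example.net/verify">www.example.com</a>')

def is_premium(number):  # True for North American 1-900 pay-per-call numbers
    return re.fullmatch(r"1?900\d{7}", re.sub(r"\D", "", number)) is not None

class LinkAuditor(HTMLParser):
    """Reports what a client that hides link targets would not show the user."""
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._text, self._script = [], None, [], False

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = (dict(attrs).get("href") or "").strip(), []
        self._script = tag == "script"

    def handle_data(self, data):
        if self._script:  # tel: URI referenced from JavaScript
            for m in TEL_RE.finditer(data):
                self.findings.append(("script-dial", m.group(1), is_premium(m.group(1))))
        elif self._href is not None:
            self._text.append(data)  # visible text of the open <a>

    def handle_endtag(self, tag):
        self._script = False
        if tag != "a" or self._href is None:
            return
        href, self._href = self._href, None
        tel, shown = TEL_RE.match(href), HOST_RE.search("".join(self._text))
        actual = re.sub(r"^www\.", "", (urlparse(href).hostname or "").lower())
        if tel:
            self.findings.append(("tel-link", tel.group(1), is_premium(tel.group(1))))
        elif shown and actual and shown.group(1).lower() != actual:
            self.findings.append(("host-mismatch", shown.group(1).lower(), actual))

def audit(html):  # returns a list of (kind, value, detail) findings
    auditor = LinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings
```

Calling `audit(SAMPLE)` returns one finding per anchor or script reference; the third field is the premium-rate flag for tel: findings and the real destination host for mismatches.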
[Via: Tech.co.uk]