Apple Adds Non-Working Safari Anti-Phishing Feature to iPhone
The Mac Security Blog reports on Safari anti-phishing failure: we wrote about the security features in Apple’s latest update to the iPhone and iPod touch operating system.
Another addition to this update, which Apple hasn’t mentioned, is an anti-phishing feature for mobile Safari. Similar to that used by the desktop Safari, this feature should warn users that they may be visiting a known malicious web site and asks if they wish to continue. However, we have extensively tested this feature, tossing dozens of phishing URLs at it, and it simply does not seem to work. URLs that are blocked by Safari in Mac OS X open and direct users to malicious pages. For example, here’s one bogus PayPal page that was blocked in Safari on Mac OS X, but which displays just fine on the iPhone:
We find it interesting that Apple has added this feature, but we’re confused as to why it simply does not work. Is there...
Apple anti-phishing fails
The Mac Security Blog reports on Safari anti-phishing failure: we wrote about the security features in Apple’s latest update to the iPhone and iPod touch operating system.
Another addition to this update, which Apple hasn’t mentioned, is an anti-phishing feature for mobile Safari. Similar to that used by the desktop Safari, this feature should warn users that they may be visiting a known malicious web site and asks if they wish to continue. However, we have extensively tested this feature, tossing dozens of phishing URLs at it, and it simply does not seem to work. URLs that are blocked by Safari in Mac OS X open and direct users to malicious pages. For example, here’s one bogus PayPal page that was blocked in Safari on Mac OS X, but which displays just fine on the iPhone:
We find it interesting that Apple has added this feature, but we’re confused as to why it simply does not work. Is there...
Apple anti-phishing fails