Apple's Iphone 3.1 Anti-phishing Ineffective?

[Peaches]

Apple's iPhone 3.1 anti-phishing ineffective?

According to several reports, the new anti-phishing feature Apple introduced in iPhone OS 3.1 for its mobile version of the Safari web browser is unreliable. The new Fraud Warning feature (under Settings, Safari) is intended to warn users against opening fraudulent web pages. In a post to The Mac Security Blog, Apple security specialist Intego says that, while the anti-phishing feature in the desktop version of Safari successfully blocks malicious pages, the mobile version "simply does not seem to work".

Dan Moren from Macworld also noted that the Fraud Warning feature, which is enabled by default, is too inconsistent. According to Moren, it sometimes works and displays a warning page, but at other times the browser opens a known phishing page without a warning. The results of the tests conducted by Moren showed that "sometimes it loaded or didn’t load on the same device", regardless of whether the device was connected to the internet via Wi-Fi or through a mobile EDGE or 3G connection.

No details are currently available regarding why the new Fraud Warning feature doesn't seem to work properly. The desktop version of Safari uses a variety of resources, including information from Google's Safe Browsing API, to determine whether or not a page is phishing site. The cause may be related to a problem communicating with the Google API. For example, the Mobile version of the Google site that loads by default in Safari on the iPhone doesn't include, according to Moren, "the same protections as its standard desktop version". A link that would normally be flagged by Google in the "Classic" (desktop) version, was not flagged on the iPhone mobile version.

Heise security - http://www.h-online.com/security/Apple-s-i...e--/news/114218