Mobile UI Spoofing–Another Reason For Smart Surfing


Recommended Posts

Nov30

Mobile UI Spoofing–Another Reason For Smart Surfing

In August we noted how Trend Micro Smart Surfing for iPhone protected users against a potential iOS vulnerability. Today we have word of another potential problem that Smart Surfing is able to protect against.

An independent security researcher noted that in certain cases the Safari browser hides the address bar after a website has finished loading. This can be used to add an added layer of believability to phishing attacks: the legitimate URL of the phished site can be placed in a fake address bar. If the real address bar has hidden itself, the fake bar would be seen, leading the users to think they are on the legitimate page.

To demonstrate this proof-of-concept attack, the researcher created a fake Bank of America page. A keen-eyed user would note that while the page is loading, two address bars could be seen, but once loaded, the real address bar hides itself.

More details plus screenshot here: http://blog.trendmicro.com/

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...