Tuesday October 7, 2008
ZDNet's Ryan Naraine reports on research by Aviv Raff beating on the iPhone once again. It's not the first time that problems have been found that facilitate phishing, spam, and the like.
Problem 1: Because of the small screen, the iPhone truncates the "tooltip" URLs that you see in an HTML e-mail, and it does so by cutting the middle out of them. It would be easier to hide the true destination of a link this way (e.g. http://onlinebanking.bankofamerica.com. ... /login.php).
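A mail filter can flag links whose hostname would not survive this kind of middle truncation. The sketch below is an added example, not code from Raff's research or from Apple; the 40-character display width, the function names and the sample message (which uses reserved example domains) are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

ELLIPSIS = "..."

def _cut(width):
    """Visible head and tail lengths once the ellipsis is accounted for."""
    keep = width - len(ELLIPSIS)
    return (keep + 1) // 2, keep // 2

def middle_truncate(text, width):
    """Render text the way a middle-truncating display would."""
    if len(text) <= width:
        return text
    head, tail = _cut(width)
    return text[:head] + ELLIPSIS + text[len(text) - tail:]

def host_hidden(url, width):
    """True when part of the hostname falls inside the elided middle."""
    parts = urlsplit(url)
    if len(url) <= width or not parts.hostname:
        return False
    # Hostname starts after any userinfo ("user@") inside the netloc.
    start = url.find(parts.netloc) + parts.netloc.rfind("@") + 1
    end = start + len(parts.hostname)
    head, tail = _cut(width)
    return start < len(url) - tail and end > head

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML message body."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def flag_links(html, width=40):  # width is an assumed display limit
    """Return (url, displayed_form) for links whose host is partly hidden."""
    collector = LinkCollector()
    collector.feed(html)
    return [(u, middle_truncate(u, width))
            for u in collector.links if host_hidden(u, width)]

# Constructed sample message body.
SAMPLE_HTML = ('<a href="http://example.org/a">short</a> <a href="http://'
               'onlinebanking.example.com.account-verify.session.example.net'
               '/login.php">Sign in</a>')

if __name__ == "__main__":
    for url, shown in flag_links(SAMPLE_HTML):
        print("user sees:", shown, "| real link:", url)
```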
Problem 2: Unlike other e-mail clients these days, the iPhone Mail program automatically downloads embedded images and there's no way to get it not to, according to Raff. This makes it impossible to stop "web bugs" which validate your e-mail address and help to track you.
Both Naraine and Raff sound annoyed at Apple for not fixing these problems, disclosed to them more than 2 months ago, and it's true that Apple has a history of taking their time fixing security problems, especially on the iPhone. More talk about Apple's slow response to bug reports may be found in...
Problem 3: This is not from Raff, but from Karl Kraft, who describes how disabling SMS preview can be defeated by putting the phone into emergency call mode. This bug appears to me to be related to the August bug that allowed you to escape the iPhone passcode block by putting the phone in emergency call mode. That bug was fixed by Apple a few weeks later, but perhaps not as thoroughly as it might have been.