The iPhone Alley team is back from Vegas and finally caught up on sleep. The city of Vegas never sleeps, so neither did we. We had a great time both inside and outside of the convention center and even as a whole we came back with more money than we
Apple has gotten a lot of guff (including from us) for giving developers headaches and laying down the law on certain things that don't always make sense or make us happy iPhone users, but this can be a good thing if the developer happens to be a bad guy trying to steal information or rip you off. Google opted for the polar opposite approval policy, leaving their Android Market wide open for all developers. The danger there is that you run the risk of allowing downright nasty malicious apps in and let people download them, which is exactly what has happened.
I'm betting that most of our readers are fairly savvy Internet users who know what a phishing email looks like. You know how it goes, you get an email from PayPal saying that they're about to close your account unless you "click this link" right now. Something just smells, well, fishy. But we've been getting scattered reports from iPhone users that scammers are actually calling to phish for information. This is just a friendly warning to make sure everyone's aware of the threat. Read on to hear from a reader who actually received a scam call.
Security researcher Aviv Raff claims that the iPhone and iPod touch versions of Mail and Safari are both vulnerable to a URL Spoofing vulnerability that could allow attackers to conduct phishing attacks to iPhone users. According to Raff, a hacker could create a specially crafted URL that, when sent via an email, he could convince came from a trusted domain like a bank, PayPal, a social network, etc. Then, when clicked and opened in Safari, the URL showed in Safari's URL bar would still appear to the victim that it is from the trusted domain.