Monday, September 14, 2009

iPhone anti-phishing sigs only slightly delayed

A number of security experts initially criticized Apple's latest security feature for the iPhone, only to find -- 24 hours later -- that the issues were mostly moot.

On Thursday, Apple highlighted the anti-phishing features of its popular mobile device, the iPhone, at a San Francisco product launch event. However, several security experts tested the feature only to find that phishing sites blocked by Safari were still loaded by the iPhone's mobile browser. Yet, by Friday, the issue appeared to have been mostly been fixed.

It's likely that the lists of sites to be blocked had to be updated by Apple, and that took time, said Michael Sutton, vice president of security research for Web security firm Zscaler.

"Over time, more sites are being blocked," Sutton said. "The issue is likely not the blocking, but the updates."

On Saturday, Apple confirmed that updates to the iPhone are not necessarily in real time.

"Safari's anti-phishing database is downloaded while the user charges their phone in order to protect battery life and ensure there aren't any additional data fees," the company said in a statement sent to SecurityFocus. "After updating to iPhone OS 3.1 the user should launch Safari, connect to a Wi-Fi network and charge their iPhone with the screen off. For most users this process should happen automatically when they charge their phone."

Sutton commended Apple for its attention to security on the iPhone.

"If you look at mobile phones, they have very little security," he said. "So it's good that Apple has taken this step."


1 comment:

Anonymous said...

Can anyone recommend the robust IT automation tool for a small IT service company like mine? Does anyone use or How do they compare to these guys I found recently: N-able N-central it automation software
? What is your best take in cost vs performance among those three? I need a good advice please... Thanks in advance!