A UI spoofing trick has been exposed on the iPhone’s Safari browser that potentially puts users at risk of phishing attacks.
Researcher Nitesh Dhanjani found that mobile websites are able to hide the URL bar at the top of the browser at will, which leaves users unaware of where they are going. The technique could easily be used to redirect users to malicious versions of sites that are otherwise indistinguishable to the unsuspecting eye.
Mr. Dhanjani demonstrated the exploit in a video showing how easily a user could be tricked into visiting a fake site, in his case one imitating Bank of America.
Apple has yet to comment on the issue. In the meantime, we strongly recommend users tread with caution when clicking links from emails and other sources, and keep an eye on the URL bar in the browser when visiting sites that deal with finances.