Shouldn’t protecting iPhone users from phishers be easier than this?

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

iPhone charging
Last week there were a number of reports that the anti-phishing technology built into the Mobile Safari web browser shipped with Apple’s iPhone OS 3.1 software doesn’t actually work.

Researchers at Mac security firm Intego reported that it “extensively tested this feature, tossing dozens of phishing URLs at it” before concluding that the touted anti-phishing protection “simply does not seem to work.”

However, it appears that that conclusion may have been a little premature. Reporters at The Loop quizzed Apple about the alleged problem, and received an official response claiming that users were not using the proper process to update their protection against phishing websites:

"Safari's anti-phishing database is downloaded while the user charges their phone in order to protect battery life and ensure there aren't any additional data fees," Apple spokesman, Bill Evans, told The Loop. "After updating to iPhone OS 3.1 the user should launch Safari, connect to a Wi-Fi network and charge their iPhone with the screen off. For most users this process should happen automatically when they charge their phone."

Sign up to our free newsletter.
Security news, advice, and tips.

So, there you have it.

If you want to update the anti-phishing protection on your iPhone all you need to do is launch Safari, connect to a Wi-Fi connection (3G won’t be sufficient), charge your iPhone and turn the screen off.

This doesn’t seem the most simple and intuitive procedure in the world to me – and as many many new phishing websites are found every day, it’s hard to imagine that iPhone owners are going to keep themselves properly up-to-date.

Mind you, as many other smartphones don’t offer even the most elementary form of anti-phishing protection to their users, maybe we shouldn’t be too hard on Apple.

* Image source: TRD JZX100’s Flickr photostream (Creative Commons)


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.