Gadgetell | Tech News, Reviews, and Interesting Things

When the CEO of Packet Focus decided to test the security of the top three smartphones, he was shocked to discover they all failed miserably.  Joshua Perrymon sent a spoofed phishing email made to look like it was a LinkedIn invitation from Bill Gates to users of the iPhone, the BlackBerry and the Palm Pre and found his message got through 100% of the time.  Perrymon says smartphones simply have no protection against phishing attacks.

“What I found on the Palm and BlackBerry is [that there is] no protection to any type of phishing attacks. The Palm runs on Linux, so I SSH’ed into it and looked around. The email client is built in JavaScript and made to download emails from a server - POP, IMAP or Exchange. So if the hosted server doesn’t pick up on the email, then the phone gets the attack delivered.”

Perrymon sent the results of his experiment to RIM, Palm and Apple but none of them responded.  He said he hopes that they will eventually address the issue and hopefully issue a fix of some sort. Just last month RIM fixed a flaw in their browser that would have allowed a hacker to send a malicious link via text message.  The flaw prevented the browser from properly warning the user that the URL and the site certificate didn’t match.  This would have allowed the user to easily fall for a phishing attack.

To help combat this, a company called Deepnet Security has introduced a new app called MobileID that will allow banks, retailers and online service providers to offer authentication protection.  This will insure that customers data is protected and phishing attempts are blocked.  It’s available for Blackberry, Windows Mobile, Symbian and the iPhone.  Norton offers a security suite for smartphones that can also provide protection.  Norton Smartphone Security helps keep your phone free of spam and malware and can protect against phishing attempts by allowing to to block texts from unknown senders. It’s available for $29.99.

Read [SCMagazine]