Tuesday, December 16, 2014

iOS Anti-Phishing Functionality: Marginal

Anti-Phishing Features in iOS are of Limited Value

The anti-phishing functionality in iOS is functional, but there is a significant lag in updating the phishing site database, According to Apple, when turned on the functionality should alert you if you click on a link to a known phishing site.



Enabling this feature on my iPhone (5s running iOS version 8.1.2) seemed to work, but only if I go back to phishing sites that were reported the previous day. I used sites reported by phishtank.com for the test. 

The following sites were tested. These included sites identified within the last 24 with the most recent reports first.  (Note these are documented phishing sites. Visit at your own risk.). The first few sites were not detected as phishing sites when clicked on in my iPhone Safari browser. Only the last two. However, on desktop chrome browser, all of the following links presented a warning.


  1. http://www.89jzlm.com/c.htm
  2. http://smartstayzzzinns.com/
  3. http://yengeec.com/scar/sure/
  4. http://www.accedi.esy.es/
  5. http://zenhair4arab.com/p3yp3l.org/paypal/
When successfully identified as phishing sites with my iPhone (sites 4 & 5, above) the following message was displayed.




Conclusion

Be wary. According to the Anti-Phishing Working Group  (APWG) "Apple became the world’s most-phished brand" this year. Phishing sites tend to be somewhat temporary anyway, with an average uptime of less than 33 hours according to APWG in its report from June of 2014. As such Apple's delay in updating its phishing database makes it of very limited value given that phisher's are adept at acting fast using new phishing sites for active campaigns.

How to configure anti-phishing

You'll still need to be aware of websites you visit (difficult on a mobile browser) and be wary of submitting your credentials, but it still makes sense to ensure that you have the anti-phishing settings turned on. Here's how:


Go to Settings-->Safari and turn on "Fraudulent Website Warning".







No comments:

Post a Comment