In August, we noted how Trend Micro Smart Surfing for iPhone protected users against a potential iOS vulnerability. Today, we have word of another potential problem that Trend Micro Smart Surfing for iPhone is able to protect against.
An independent security researcher noted that in certain cases the Safari browser hides the address bar after a website has finished loading. This behavior can lend phishing attacks an extra layer of believability: the legitimate URL of the phished site can be placed in a fake address bar drawn by the page itself. If the real address bar has hidden itself, only the fake bar is visible, leading users to think they are on the legitimate page.
To demonstrate this proof-of-concept (POC) attack, the researcher created a fake Bank of America page. A keen-eyed user would note that two address bars can be seen while the page is loading, but once it has loaded, the real address bar hides itself.
However, when the POC page is loaded through Trend Micro Smart Surfing for iPhone, the system's address bar can always be seen, not just while the page is loading.
Because Trend Micro Smart Surfing for iPhone always displays the system’s address bar, users are immediately warned of any site that uses this POC attack. Phishing sites that use this as part of their techniques will also be blocked.
Trend Micro Smart Surfing for iPhone is a completely free application offered to all iPhone users and is available via the App Store or the Trend Micro Free Tools portal.