Security researcher reveals iPhone design flaws

Apple's iPhone has two design flaws that could pose potential security problems, according to a researcher. The first one concerns the iPhone's e-mail application, which automatically downloads images within an e-mail, said Aviv Raff, a security researcher, on Thursday.

That's problematic because the image will refer back to a server-side script when it is downloaded, indicating to the sender that the e-mail has been opened and the e-mail address is valid. The address can then be spammed. E-mail applications usually are configured to block images from untrusted sources to prevent the problem, Raff said. He suggests that users avoid using the e-mail application or be careful when clicking on links in an e-mail that comes from an untrusted source.

View: The full story @ InfoWorld

Report a problem with article
Previous Story

AMD to launch nine 45nm Shanghai server CPUs in October

Next Story

Microsoft Settles on Sites for Search Centers in Europe

6 Comments

Commenting is disabled on this article.

Considering how if (and most likely I will) get a iPhone/iPod touch and will be using it to check my university's IMAP account - which BTW gets a jackload of spam - this is a bit troubling.

Can't be too hard for Apple to implement a "do not automatically load images" option in Mail.app.

Oh and "yawn" doesn't solve anything.

I see by the Mac user's comments that they are as concerned about security as Apple. Automatic image downloading was addressed in modern e-mail clients a long time ago. Did Apple really not make this option available? On another note I wonder how much the security researcher was compensated to "discover" this?

That's problematic because the image will refer back to a server-side script when it is downloaded, indicating to the sender that the e-mail has been opened and the e-mail address is valid.

Hmm, this is rather interesting. I thought they blocked the pictures in Windows apps because it could send malicious code, or because it could be porn or **** or something disgusting.

Not that I really mind though, but it's still something to know. I would still turn off this feature if they integrated it into the iPod Touch firmware.