The first concerns the iPhone's email application, which automatically downloads images within an e-mail, said Aviv Raff, a security researcher, on Thursday.Apple already knew about this design flaw when they released the iPhone. Also I wrote the support several times about how to disable the loading of images but all I heard back (from both Apple and t-mobile) was that this feature is not available. The support person did not not confirm that this is a security issue or write back anything in particular about this problem.
That's problematic because the image will refer back to a server-side script when it is downloaded, indicating to the sender that the e-mail has been opened and the e-mail address is valid. The address can then be spammed.
It's the same problem (with Apple, not with the products!) that they don't listen to the community or bug reports - I also reported the SSL issue in MobileMe as a detailed bug report and through the support. The bug report was closed with "thanks, we don't confirm anything" and the tech support.... uhm... to be polite: was not very tech savy and said "SSL is not needed as MobileMe uses JavaScript and CSS"....
Grml. Why the heck don't they fix those issues and take more care about the security of their users data? Is Steve Jobs himself using MobileMe and exposing all his calendar data, business contacts and mails to the public? Would be interested to hear back from him... or is he not using his own service?
Read more about the iPhone security issues.
Comments (0):