It's possible to craft a malicious website so that a user's clicks are secretly redirected to a legitimate site in a way that steals a user's passwords and other data. Many Web developers have added protections to block the tactic on standard Web sites, but Stanford University researchers warn that there are not nearly enough defenses against the technique on mobile websites, which are accessed from devices such as the iPhone.
As a result, a smart-phone user could think he's tapping to check a baseball score but is actually tapping on a button in a hidden page to confirm a money transfer.
Comments