Security researchers are warning that the recent 3.1 update to Apple’s iPhone software doesn’t prevent phishing attacks consistently, or as well as the company’s desktop version of the Safari browser does. The anti-phishing feature should warn users when they may be visiting known phishing sites designed to illegally capture users’ personal information.
But researchers at both Zscaler and Intego say they were able to visit a number of known phishing sites using an iPhone and the Mobile Safari browser without any warning.
Conversely, the desktop version of Safari blocked access to those same sites. Both companies listed examples in blog posts of phishing sites they were able to visit unimpeded. In one example, [Intego says](http://blog.intego.com/2009/09/10/apple-adds-safari-anti-phishing-feature-that-doesnt-work-to-iphone/) it was able to visit a phony PayPal site on the iPhone that was blocked by Safari on Mac OS X.
“Apple released iPhone OS 3.1 and once again specifically called out phishing protection,” said Zscaler’s Michael Sutton in a blog post. “In fact, within the Safari settings, there is now a Security section with a Fraud Warning option.
“By selecting this option, which is on by default, you will be ‘warn[ed] when visiting fraudulent websites’. Sounds great. The problem? It doesn’t work.”