iPhone Worms Get Mean, Steal Data

| News

Rickrolling iPhones with a worm seemed bad enough, but now it appears that a more malicious attack is making the rounds in the jailbroken iPhone community. The new worm, dubbed iPhone/Privacy.A, can hop onto jailbroken iPhones and download the handset's data.

The security research company Intego is calling the security risk low because it requires iPhone owners to jailbreak their smartphone and to leave the default root password unchanged. Attackers also need to run an application on their computer to sniff out jailbroken iPhones on the same network.

"When connecting to a jailbroken iPhone, this tool allows a hacker to silently copy a treasure trove of user data from a compromised iPhone: e-mail, contacts, SMSs, calendars, photos, music files, videos, as well as any data recorded by any iPhone app," Intego said in a security report. "Unlike the ikee worm, which signals its presence by changing the iPhone's wallpaper, this hacker tool gives no indication that it has invaded an iPhone."

iPhone/Privacy.A isn't the first threat to crop up that targets jailbroken iPhones. The ikee worm surfaced a few days ago in Australia, but instead of stealing user data it installs a new wallpaper image of 80's pop singer Rick Astley. A few days before that, jailbroken iPhone owners in the Netherlands started seeing a message appear on their screens from a hacker wanting €5.

Only iPhones that have been jailbroken, or hacked to allow the installation of third-party apps that aren't available through Apple's App Store, are susceptible to the attack, and only if the default root password hasn't been changed. Since the attack relies on the default root password, which is the same on all iPhones, users that do jailbreak their handsets should change the default SSH password to avoid the worm.

"We would like to stress that users who jailbreak their iPhones are exposing themselves to known vulnerabilities that are being exploited by code that is circulating in the wild," Intego said. "While the number of iPhones attacked may be minimal, the amount of personal data that can be compromised strongly suggests that iPhone users should stick with their stock configuration and not jailbreak their devices."

Comments

Jeff Gamet

It didn’t take long to go from rickrolling to stealing data. No doubt we’ll see more copycat threats in short order. If you jailbreak your iPhone, be sure to change the default root password.

danmanteufel

So what Intego is really saying is the stupid shall be punished. Is that about right?

Tiger

Actually, what they’re saying is that the stupid will be punished first.

It’s the low hanging fruit analogy. Easiest to attack. Set themselves up. You know, the average potential recipients of the Darwin awards.

Nemo

The question that I have for the TMO is:  Should every user of the iPhone, whether or not it’s jailbroken, change their iPhones’ root password?  And, if the answer is yes, how do you do it?

Lee Dronick

The question that I have for the TMO is:? Should every user of the iPhone, whether or not it?s jailbroken, change their iPhones? root password?? And, if the answer is yes, how do you do it?

If I am understanding this correctly you need to change the default password in SSH which you need to install on a fugitive iPhone. Also I think that SSH need to be running.

Nemo

Sir Harry:  Thanks.  I thought that the compromised software, SSH, was part of the iPhone OS.  I am glad to learn that it is not.

vasic

Here is another powerful argument against “security through obscurity” myth regarding lack of malware for Mac OS X. Apparently, someone had bothered to write malicious code for a platform that has at best a few thousand users (jailbroken iPhone). And yet, with tens of millions of machines constantly connected to the internet, and NO antivirus software on them, nobody has yet bothered to write a malicious piece of software that would do serious damage.

computerbandgeek

This article is INCORRECT.

“Only iPhones that have been jailbroken, or hacked to allow the installation of third-party apps that aren’t available through Apple’s App Store, are susceptible to the attack, and only if the default root password hasn’t been changed.”

You missed a step. The user must:
1. Jailbreak the phone/iPod
2. Install SSH.
3. Ignore a warning that they should change their password and neglect the simple instructions on how to do so.
4. Enable SSH after every single time the phone/iPod boots.

Log-in to comment