iPhone Worms Get Mean, Steal Data
November 11th, 2009 at 9:50 AM - News by Jeff Gamet
Rickrolling iPhones with a worm seemed bad enough, but now it appears that a more malicious attack is making the rounds in the jailbroken iPhone community. The new worm, dubbed iPhone/Privacy.A, can hop onto jailbroken iPhones and download the handset's data.
The security research company Intego is calling the security risk low because it requires iPhone owners to jailbreak their smartphone and to leave the default root password unchanged. Attackers also need to run an application on their computer to sniff out jailbroken iPhones on the same network.
"When connecting to a jailbroken iPhone, this tool allows a hacker to silently copy a treasure trove of user data from a compromised iPhone: e-mail, contacts, SMSs, calendars, photos, music files, videos, as well as any data recorded by any iPhone app," Intego said in a security report. "Unlike the ikee worm, which signals its presence by changing the iPhone's wallpaper, this hacker tool gives no indication that it has invaded an iPhone."
iPhone/Privacy.A isn't the first threat to crop up that targets jailbroken iPhones. The ikee worm surfaced a few days ago in Australia, but instead of stealing user data it installs a new wallpaper image of '80s pop singer Rick Astley. A few days before that, jailbroken iPhone owners in the Netherlands started seeing a message appear on their screens from a hacker wanting €5.
Only iPhones that have been jailbroken, or hacked to allow the installation of third-party apps that aren't available through Apple's App Store, are susceptible to the attack, and only if the default root password hasn't been changed. Since the attack relies on the default root password, which is the same on all iPhones, users who do jailbreak their handsets should change the default SSH password to avoid the worm.
"We would like to stress that users who jailbreak their iPhones are exposing themselves to known vulnerabilities that are being exploited by code that is circulating in the wild," Intego said. "While the number of iPhones attacked may be minimal, the amount of personal data that can be compromised strongly suggests that iPhone users should stick with their stock configuration and not jailbreak their devices."
8 Observer Comments
So what Intego is really saying is the stupid shall be punished. Is that about right?
Actually, what they’re saying is that the stupid will be punished first.
It’s the low hanging fruit analogy. Easiest to attack. Set themselves up. You know, the average potential recipients of the Darwin awards.
The question that I have for the TMO is: Should every user of the iPhone, whether or not it’s jailbroken, change their iPhones’ root password? And, if the answer is yes, how do you do it?
If I am understanding this correctly, you need to change the default password in SSH, which you need to install on a fugitive iPhone. Also, I think that SSH needs to be running.
Sir Harry: Thanks. I thought that the compromised software, SSH, was part of the iPhone OS. I am glad to learn that it is not.
Here is another powerful argument against the “security through obscurity” myth regarding the lack of malware for Mac OS X. Apparently, someone had bothered to write malicious code for a platform that has at best a few thousand users (jailbroken iPhone). And yet, with tens of millions of machines constantly connected to the internet, and NO antivirus software on them, nobody has yet bothered to write a malicious piece of software that would do serious damage.
This article is INCORRECT.
“Only iPhones that have been jailbroken, or hacked to allow the installation of third-party apps that aren’t available through Apple’s App Store, are susceptible to the attack, and only if the default root password hasn’t been changed.”
You missed a step. The user must:
1. Jailbreak the phone/iPod
2. Install SSH.
3. Ignore a warning that they should change their password and neglect the simple instructions on how to do so.
4. Enable SSH after every single time the phone/iPod boots.