iPhone Worms Get Mean, Steal Data
November 11th, 2009 at 9:50 AM - News by Jeff Gamet
Rickrolling iPhones with a worm seemed bad enough, but now it appears that a more malicious attack is making the rounds in the jailbroken iPhone community. The new worm, dubbed iPhone/Privacy.A, can hop onto jailbroken iPhones and download the handset's data.
The security research company Intego is calling the security risk low because it requires iPhone owners to jailbreak their smartphone and to leave the default root password unchanged. Attackers also need to run an application on their computer to sniff out jailbroken iPhones on the same network.
"When connecting to a jailbroken iPhone, this tool allows a hacker to silently copy a treasure trove of user data from a compromised iPhone: e-mail, contacts, SMSs, calendars, photos, music files, videos, as well as any data recorded by any iPhone app," Intego said in a security report. "Unlike the ikee worm, which signals its presence by changing the iPhone's wallpaper, this hacker tool gives no indication that it has invaded an iPhone."
iPhone/Privacy.A isn't the first threat to crop up that targets jailbroken iPhones. The ikee worm surfaced a few days ago in Australia, but instead of stealing user data it installs a new wallpaper image of 80's pop singer Rick Astley. A few days before that, jailbroken iPhone owners in the Netherlands started seeing a message appear on their screens from a hacker wanting €5.
Only iPhones that have been jailbroken, or hacked to allow the installation of third-party apps that aren't available through Apple's App Store, are susceptible to the attack, and only if the default root password hasn't been changed. Since the attack relies on the default root password, which is the same on all iPhones, users that do jailbreak their handsets should change the default SSH password to avoid the worm.
"We would like to stress that users who jailbreak their iPhones are exposing themselves to known vulnerabilities that are being exploited by code that is circulating in the wild," Intego said. "While the number of iPhones attacked may be minimal, the amount of personal data that can be compromised strongly suggests that iPhone users should stick with their stock configuration and not jailbreak their devices."
8 Observer Comments
So what Intego is really saying is the stupid shall be punished. Is that about right?
Actually, what they’re saying is that the stupid will be punished first.
It’s the low hanging fruit analogy. Easiest to attack. Set themselves up. You know, the average potential recipients of the Darwin awards.
The question that I have for the TMO is: Should every user of the iPhone, whether or not it’s jailbroken, change their iPhones’ root password? And, if the answer is yes, how do you do it?
The question that I have for the TMO is: Should every user of the iPhone, whether or not it’s jailbroken, change their iPhones’ root password? And, if the answer is yes, how do you do it?
If I am understanding this correctly you need to change the default password in SSH which you need to install on a fugitive iPhone. Also I think that SSH need to be running.
Sir Harry: Thanks. I thought that the compromised software, SSH, was part of the iPhone OS. I am glad to learn that it is not.
Here is another powerful argument against “security through obscurity” myth regarding lack of malware for Mac OS X. Apparently, someone had bothered to write malicious code for a platform that has at best a few thousand users (jailbroken iPhone). And yet, with tens of millions of machines constantly connected to the internet, and NO antivirus software on them, nobody has yet bothered to write a malicious piece of software that would do serious damage.
This article is INCORRECT.
“Only iPhones that have been jailbroken, or hacked to allow the installation of third-party apps that aren’t available through Apple’s App Store, are susceptible to the attack, and only if the default root password hasn’t been changed.”
You missed a step. The user must:
1. Jailbreak the phone/iPod
2. Install SSH.
3. Ignore a warning that they should change their password and neglect the simple instructions on how to do so.
4. Enable SSH after every single time the phone/iPod boots.
Recent Headlines - Updated September 6th
- Sat, 10:45 AM
- News - iOS 4.1 Launch Set for Sept 8
- Fri, 8:09 PM
- News - Ping Tops 1 Million Users in Two Days
- 5:03 PM
- News - Quantcast: Android Eats into iOS Lead of Mobile Browsing
- 4:24 PM
- Free on iTunes - Netflix, Fotopedia, The Citadel and More
- 2:49 PM
- John Martellaro's Blog - Particle Debris (wk. ending 9/3) A Bundle of Critical Thinking
- 1:26 PM
- Deal Brothers - Cavalry Storage 1TB USB 2.0 External Hard Drive: $59.99
- 11:22 AM
- Games - Assault Commando Hits the App Store
- 10:46 AM
- Product News - Chronicle for Mac Adds Income Tracking
- 10:06 AM
- Hot Forum Topic - Reader Debate: Why Buy the New Apple TV
- 9:30 AM
- News - Facebook May Be Blocking Ping
- 8:51 AM
- TMO Appearances - Dave Hamilton, Chuck La Tournous Discuss Apple Media Event on MacJury
- 8:19 AM
- News - Apple Highlights Upcoming iPad Features
The Mac Observer Reader Specials
- TypeStyler For Mac OS X is Now Shipping! Download The Free Fully Functional 60 Day Tryout at www.typestyler.com
Mac Memory and Hard Drives: MacBook Pro Memory 8GB kits $275.99! iMac Memory 4GB Kits for $109.99! Mac Pro Memory 8GB Kits for $289.99, 64GB for $2,839.99! Mac Hard Drives 2TB Seagate SATA II for $149.99! Click Here!
If you're using a Mac, then you've gotta check out Full Tilt Poker for Mac. This Full Tilt Poker bonus code does the unthinkable, it actually rewards!
It didn’t take long to go from rickrolling to stealing data. No doubt we’ll see more copycat threats in short order. If you jailbreak your iPhone, be sure to change the default root password.