Jailbroken iPhones Hit with Another Worm

| News

Jailbroken iPhone owners are facing yet another potential security threat now that a new worm is users in the Netherlands. The new threat acts like a botnet and redirects ING online bank customers to a phishing site.

Like previous iPhone worms, this new threat works only on iPhones that have been hacked to support unauthorized third-party applications, have SSH installed, and are still using the default root password. The worm spreads between iPhones that are on the same Wi-Fi network, according to the security research firm F-Secure.

So far, the number of infected iPhones is estimated to be in the hundreds. "It's fairly isolated and specific to Netherlands but it is capable of spreading," said F-Secure research director Mikko Hypponen.

ING Bank is alerting its customers to the potential threat and is reminding them that the threat impacts only jailbroken iPhones.

The first iPhone worm to appear used a similar method to jump from iPhone to iPhone, and initially asked victims for €5. That worm was later changed to offer instructions on protecting jailbroken iPhones.

A second worm appeared shortly after, although it was far less dangerous because it only added a new locked screen graphic showing 80's pop star Rick Astley. A more dangerous worm appeared a few days later that could copy data off of a victim's iPhone.

Since the attacks all impact hacked iPhones, the safest defense is to not jailbreak your handset. For users with jailbroken iPhones, changing the root password should block the attacks as well.

[Thanks to the BBC for the heads up.]

Popular TMO Stories


Jeff Gamet

Keep in mind: This worm impacts only jailbroken iPhones. If you aren’t sure how to change your iPhone’s root password, you might not want to hack it.


If you aren?t sure how to change your iPhone?s root password, you might not want to hack it.

Because it’s so hard to use passwd while logged on as root?


The “more dangerous worm” as you call it, links to a story about the iPhone/Privacy.A (so-called by Intego Antivirus) HACKER TOOL.  This may be nitpicking, but iPhone/Privacy.A is not a worm (or virus) that spreads from iPhone to iPhone.  It is a piece of software that is on Mac computers that allows someone to exploit the same vulnerability (open ssh server with default passwords) that the previous worm did, but it is not a worm.  I think it’s safe to assume in most cases that iPhone/Privacy.A (is on someone’s Mac because they installed it there for their OWN nefarious purposes.  An exception might be a bad guy who’s already somehow compromised your Mac for their own use.

Log in to comment (TMO, Twitter or Facebook) or Register for a TMO account