New Malicious Worm Affects Jailbroken iPhones in Netherlands [Updated x2]

BBC reports that a third worm has been discovered that attacks certain jailbroken iPhones. The malicious software was discovered by security company F-Secure but appears to be isolated and specific to the Netherlands.

It is specifically targeting people in the Netherlands who are using their iPhones for internet banking with Dutch online bank ING. It redirects the bank's customers to a lookalike site with a log-in screen.

F-Secure estimates the number of affected phones to be only in the "hundreds" at this point, though it could theoretically spread. The worm appears to target the same users as the harmless Australian worm, which displayed a photograph of pop singer Rick Astley. A second worm using the same mechanism was found just days later to be capable of accessing personal information. Only individuals who had specifically jailbroken their iPhones, installed SSH and not changed the default password seem to have the potential to be affected.

This particular worm, however, is potentially far more serious: according to F-Secure, it also "enables the phone to be accessed or controlled remotely without the permission of its owner."

Update: Additional information from Intego reveals that the worm also steals personal data and opens the iPhone up to further access and control.

When active on an iPhone, the iBotnet worm changes the root password for the device, in order to prevent users from later changing that password themselves. It then connects to a server in Lithuania, from which it downloads new files and data, and to which it sends data recovered from the infected iPhone. The worm sends both network information about the iPhone and SMSs to the remote server. It is capable of downloading data, including executables that it uses to run and carry out its actions, as well as new files, providing botnet capabilities to infected devices.

Update 2: The Loop reports that Apple has issued a brief statement regarding the latest threat:

"The worm affects only a very specific set of iPhone users who have jail broken their iPhones and hacked it with unauthorized software," Apple spokesperson, Natalie Harrison, told The Loop. "As we've said before, the vast majority of customers do not jailbreak their iPhones, and for good reason. These hacks not only violate the warranty, they will also cause the iPhone to become unstable and not work reliably."

Top Rated Comments

29 months ago
http://news.bbc.co.uk/1/hi/technology/8373739.stm

This one looks a bit nasty!
Rating: 0 Positives / 0 Negatives
29 months ago

http://news.bbc.co.uk/1/hi/technology/8373739.stm

This one looks a bit nasty!


ok so you jailbreak your phone, does the ssh thing automatically get installed or is it something that the jailbreaker can install on his device?
Rating: 0 Positives / 0 Negatives
29 months ago

ok so you jailbreak your phone, does the ssh thing automatically get installed or is it something that the jailbreaker can install on his device?


you choose whether to install it or not...

even if you have it installed, u can remove it via Cydia..

if you do install, and use SSH, then obviously change the default password :)
Rating: 0 Positives / 0 Negatives
29 months ago
classic fear mongering. I understand that this is a problem, but why sensationalise it instead of reporting the facts. my favourite part is;
"Users who have installed SSH and not changed the password are especially at risk"
Surely they are the only ones at risk??
Rating: 0 Positives / 0 Negatives
29 months ago
Actually that didn't sound like sensationalization to me, and in the case of people who haven't done the obvious and changed the password perhaps it should be embiggened to some degree.
Rating: 0 Positives / 0 Negatives
29 months ago

Actually that didn't sound like sensationalization to me, and in the case of people who haven't done the obvious and changed the password perhaps it should be embiggened to some degree.


well yes, or simply a report written for those who are affected, namely jail broken iphone users, as i would imagine the majority of people just don't care.
(embiggened, lol, are you referencing The Simpsons or string theory.)
Rating: 0 Positives / 0 Negatives
29 months ago
Is Apple behind these worms? They have been going after everyone and everything they think infringes on them.

I would not put it past Steve Jobs to have a small team that writes these worms.
Rating: 0 Positives / 0 Negatives
29 months ago
This is slightly putting me off of getting the iPhone, but if it's only jailbroken iPhones. Clearly Apple's security is good, it's just when people illegally jailbreak them that the security fails.
Rating: 0 Positives / 0 Negatives
29 months ago

This is slightly putting me off of getting the iPhone, but if it's only jailbroken iPhones. Clearly Apple's security is good, it's just when people illegally jailbreak them that the security fails.


If they can get to a phone outside the AT&T network they can get to the same phones inside the AT&T network, methinks this worm has originated from inside of Apple.

This one is only due to owners not changing the default password. That tells me it could also affect the other iPhones on the AT&T network, and lends credibility that Apple may very well be behind this.

Who else would spend the time to go after such a small user base as jailbreak iPhones?

Makes you wonder!
Rating: 0 Positives / 0 Negatives
29 months ago
It's quite obvious that if you have the password for somebody's SSH you can do pretty much anything you want with it. There is nothing unsafe about jailbreaking your iPhone in itself. It's like posting your bank password online and then being surprised that the money is gone.
Rating: 0 Positives / 0 Negatives
