Security firm Intego reports that it has spotted new malware, termed iPhone/Privacy.A, that is capable of allowing hackers to access personal information stored on certain jailbroken iPhones and iPod touches. Non-jailbroken iPhones are not vulnerable to the malware.
While full details of the tool are not disclosed, it is reported to utilize the same method as the "Rickrolling" worm deployed in Australia late last week, suggesting that the new malware would only affect jailbroken iPhones and iPod touches whose users have installed SSH for remote access capabilities and failed to change the default password. It is unclear the extent to which the tool has been seen in the wild, although Intego currently categorizes the risk of the malware as "low".
When connecting to a jailbroken iPhone, this tool allows a hacker to silently copy a treasure trove of user data from a compromised iPhone: e-mail, contacts, SMSs, calendars, photos, music files, videos, as well as any data recorded by any iPhone app. Unlike the ikee worm, which signals its presence by changing the iPhone's wallpaper, this hacker tool gives no indication that it has invaded an iPhone.
Intego notes that the tool works by being installed onto a computer and then scanning the computer's network to find vulnerable iPhones.
This hacker tool could easily be installed, for example, on a computer on display in a retail store, which could then scan all iPhones that pass within the reach of its network. Or, a hacker could sit in an Internet caf and let his computer scan all iPhones that come within the range of the wifi network in search of data. Hackers could even install this tool on their own iPhones, and use it to scan for jailbroken phones as they go about their daily business.
While antivirus software can protect computers from serving as hosts for the malicious software, Intego also notes that because no software is installed on the iPhone or iPod touch during the process, no external protection for users who are vulnerable to the malware can be deployed. Vulnerable users must change their default SSH passwords in order to thwart access attempts.