New in OS X: Get MacRumors Push Notifications on your Mac

Resubscribe Now Close

New Malicious Worm Affects Jailbroken iPhones in Netherlands [Updated x2]

Monday November 23, 2009 5:21 am PST by Arnold Kim
BBC reports that a third worm has been discovered that attacks certain jailbroken iPhones. The malicious software was discovered by security company F-Secure but appears to be isolated and specific to the Netherlands.

It is specifically targeting people in the Netherlands who are using their iPhones for internet banking with Dutch online bank ING. It redirects the bank's customers to a lookalike site with a log-in screen.

F-Secure estimates the number of affected phones to be only in the "hundreds" at this point, though it could theoretically spread. The worm appears to exploit the same users as the harmless Australian worm which displayed a photograph of popsinger Rick Astley. A second worm operating using the same mechanism was found just days later to be capable of accessing personal information. Only individuals who had specifically jailbroken their iPhones, installed SSH and not changed the default password seem to have the potential to be affected.

This particular worm, however, is potentially far more serious as according to F-Secure it also "enables the phone to be accessed or controlled remotely without the permission of its owner."

Update: Additional information from Intego reveals that the worm also steals personal data as well as opens the iPhone up to further access/control.

When active on an iPhone, the iBotnet worm changes the root password for the device, in order to prevent users from later changing that password themselves. It then connects to a server in Lithuania, from which it downloads new files and data, and to which it sends data recovered from the infected iPhone. The worm sends both network information about the iPhone and SMSs to the remote server. It is capable of downloading data, including executables that it uses to run and carry out its actions, as well as new files, providing botnet capabilities to infected devices

Update 2: The Loop reports that Apple has issued a brief statement regarding the latest threat:

"The worm affects only a very specific set of iPhone users who have jail broken their iPhones and hacked it with unauthorized software," Apple spokesperson, Natalie Harrison, told The Loop. "As we've said before, the vast majority of customers do not jailbreak their iPhones, and for good reason. These hacks not only violate the warranty, they will also cause the iPhone to become unstable and not work reliably."



[ 143 comments ]