Intego a security company, is reporting that is has found new Malware called iPhone/Privacy.A, which is capable of giving access of personal information to hackers on certain jailbroken iPhones. ONLY jailbroken iPhones/ iPod touches are vulnerable to this attack. While details are still scarce, it appears this attack gains access to the system the same […]
" />

Jailbroken iPhones Susceptible to New Malware Attack

Nov 12th 2009 by
privacy-illustration.png

Intego a security company, is reporting that is has found new Malware called iPhone/Privacy.A, which is capable of giving access of personal information to hackers on certain jailbroken iPhones. ONLY jailbroken iPhones/ iPod touches are vulnerable to this attack.

While details are still scarce, it appears this attack gains access to the system the same way the previously reported “rick-roll” worm was implemented. Additionally, it is still unclear how far the malware has spread. That said, Intego, at the time of this writing, categorizes the attack threat as “low.”

When connecting to a jailbroken iPhone, this tool allows a hacker to silently copy a treasure trove of user data from a compromised iPhone: e-mail, contacts, SMSs, calendars, photos, music files, videos, as well as any data recorded by any iPhone app. Unlike the ikee worm, which signals its presence by changing the iPhone’s wallpaper, this hacker tool gives no indication that it has invaded an iPhone.

How does it gain access to the iPhone or iPod touch you ask? Well, luckily Intego has an answer for that too. It appears the the malware installs itself on the user’s computer, and then scans for vulnerable iPhone/iPod touches on the network.

This hacker tool could easily be installed, for example, on a computer on display in a retail store, which could then scan all iPhones that pass within the reach of its network. Or, a hacker could sit in an Internet café and let his computer scan all iPhones that come within the range of the wifi network in search of data. Hackers could even install this tool on their own iPhones, and use it to scan for jailbroken phones as they go about their daily business.

Antivirus programs can prevent computers from becoming hosts for the malware. Intego goes on to mention that no software is installed on the iPhone/ iPod touch during the process, thus no external protection for vulnerable users can be utilized. The only way to prevent this is for vulnerable users to change their SSH passwords from the default.

So, two vulnerabilities in a short amount of time, both of which can be prevented if users of Jailbroken iPhones would change their SSH password, or better yet, not jailbreak their devices in the first place.

Image courtesy of Intego

Continue reading:

TAGS: