BBC News is reporting that another new worm attacking jailbroken iPhones. The worm was discovered by the security firm F-Secure, and the attacks appear to be localized to the Netherlands. It is specifically targeting people in the Netherlands who are using their iPhones for internet banking with Dutch online bank ING. It redirects the bank’s […]
" />

Another Malicious Worm Attacks Jailbroken iPhones, This Time in the Netherlands

Nov 24th 2009 by

Screen shot 2009-10-27 at 7.51.09 PM.pngBBC News is reporting that another new worm attacking jailbroken iPhones. The worm was discovered by the security firm F-Secure, and the attacks appear to be localized to the Netherlands.

It is specifically targeting people in the Netherlands who are using their iPhones for internet banking with Dutch online bank ING. It redirects the bank’s customers to a lookalike site with a log-in screen.

F-Secure places the number of affected devices in the “hundreds” at this time. This attack appears to exploit the same weakness as the previous two worm attacks. The attack is carried out on jailbroken iPhones, with SSH installed with the default password still set.

However, this attack could be used for malevolent means. According to F-Secure this worm “enables the phone to be accessed or controlled remotely without the permission of its owner.” Intego goes on to tell us that the attack could also be used to steal personal data, and open up the device for even further control.

When active on an iPhone, the iBotnet worm changes the root password for the device, in order to prevent users from later changing that password themselves. It then connects to a server in Lithuania, from which it downloads new files and data, and to which it sends data recovered from the infected iPhone. The worm sends both network information about the iPhone and SMSs to the remote server. It is capable of downloading data, including executables that it uses to run and carry out its actions, as well as new files, providing botnet capabilities to infected devices

Finally The Loop is reporting that Apple has released a statement regarding the attack, and washing their hands of the whole situation.

“The worm affects only a very specific set of iPhone users who have jail broken their iPhones and hacked it with unauthorized software,” Apple spokesperson, Natalie Harrison, told The Loop. “As we’ve said before, the vast majority of customers do not jailbreak their iPhones, and for good reason. These hacks not only violate the warranty, they will also cause the iPhone to become unstable and not work reliably.”

Moral of the story? Don’t jailbreak your iPhone or iPod touch, and if you do, change your SSH password to something, anything, besides the default.

Continue reading:

TAGS: