iPhone/Privacy.A Virus – Hacker Tool Copies Personal Info from iPhones
Jailbroken iPhone users have come under attack by hackers twice this month. The third time is a charm: Intego has detected the first malicious iPhone malware. The first attack, which we warned you about, came when a Dutch hacker tried to access jailbroken iPhones through SSH in his native country, the Netherlands.
He succeeded in sending completely unsuspecting users a message that read, “Your iPhone’s been hacked because it’s really insecure! Please visit doiop.com/iHacked and secure your iPhone right now! Right now, I can access all your files.”
The second development was an attempt by an Australian who successfully injected a worm called “ikee” into jailbroken iPhones whose users forgot to change their root password for SSH. Victims of the ikee virus were astonished to find their home screen background automatically changed to a picture of Rick Astley. The ikee virus spread like a chain reaction from iPhones on one cellular network to iPhones on others.
In the first case, the Dutch hacker regretted his action and reverted everything, whereas in the second case it was simply an experiment by the young Aussie, whose worm ikee did not do any harm to the victims’ iPhones.
All these attacks had one thing in common: they targeted jailbroken iPhone users who were still using the default root:alpine username/password combination. In an earlier post we already explained how to secure and protect your iPhone against such vulnerabilities.
Remember, we have warned you about the SSH password and the vulnerability of jailbroken devices. If you want to change your SSH root password (you should), follow these tutorials.
The previous attacks did not do much harm, but this new one, identified as the iPhone/Privacy.A virus, carries a lot more risk. As reported by MobileCrunch, the computer security firm Intego has identified truly malicious malware named iPhone/Privacy.A that targets jailbroken iPhones with the default user/password combination and is probably the first harmful one of its kind.
The virus in question gives a hacker complete access to the victim’s iPhone. The hacker can access and copy any user data from the jailbroken device, including emails, contacts, calendars, photos, SMSs and videos; in fact, any data the hacker wants.
Intego explains iPhone/Privacy.A Virus in more detail as follows:
Discovered: November 10, 2009
Description: Following the recent discovery of a worm that changes wallpaper on iPhones, Intego has spotted another piece of malware that attacks iPhones, one that is far more dangerous than the ikee worm. This hacker tool, which Intego identifies as iPhone/Privacy.A, takes advantage of the same vulnerability in the iPhone as the ikee worm, allowing hackers to connect to any jailbroken iPhone (iPhones hacked to allow installation of software other than through iTunes) whose owners have not changed the root password.
It is important to note that standard, non-jailbroken iPhones are not at risk; it is extremely dangerous to jailbreak an iPhone because of the vulnerabilities that this process creates. (Estimates suggest that 6-8% of iPhones are jailbroken.)
When connecting to a jailbroken iPhone, this tool allows a hacker to silently copy a treasure trove of user data from a compromised iPhone: e-mail, contacts, SMSs, calendars, photos, music files, videos, as well as any data recorded by any iPhone app. Unlike the ikee worm, which signals its presence by changing the iPhone’s wallpaper, this hacker tool gives no indication that it has invaded an iPhone.
Hackers using this tool will install it on a computer – Mac, PC, Unix or Linux – then let it work. It scans the network accessible to it, and when it finds a jailbroken iPhone, breaks into it, then steals data and records it.
This hacker tool could easily be installed, for example, on a computer on display in a retail store, which could then scan all iPhones that pass within the reach of its network. Or, a hacker could sit in an Internet café and let his computer scan all iPhones that come within the range of the wifi network in search of data. Hackers could even install this tool on their own iPhones, and use it to scan for jailbroken phones as they go about their daily business.
Means of protection: Intego VirusBarrier X5 detects and eradicates this program on Macs, and identifies it as iPhone/Privacy.A. While it is not possible to protect the iPhone from this hacker tool – it does not install anything on an iPhone – VirusBarrier X5 can ensure that Macs, especially in businesses, are protected from this hacker tool being installed.
We would like to stress that users who jailbreak their iPhones are exposing themselves to known vulnerabilities that are being exploited by code that is circulating in the wild. While the number of iPhones attacked may be minimal, the amount of personal data that can be compromised strongly suggests that iPhone users should stick with their stock configuration and not jailbreak their devices.
Intego develops and sells desktop and server security and privacy software for Macintosh.
Intego provides the widest range of software to protect users and their Macs from the dangers of the Internet. Intego’s multilingual software repeatedly receives awards from Mac magazines, and protects more than one million users in over 60 countries. Intego has headquarters in the USA, France and Japan.
It is highly recommended that you change your iPhone’s default SSH mobile and root password now. A complete step by step guide on how to change your jailbroken iPhone’s SSH password can be found here.
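Because the tool only logs in over SSH and changes nothing visible, the SSH daemon's own log is one place a password login to the default accounts would show up. The following is an added example, not code from Intego or from this post: it assumes the device's sshd writes standard OpenSSH log lines to a file you can read, and the function name, trusted-network list and sample log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Accounts that ship with a default password on a jailbroken iPhone (per the post).
DEFAULT_ACCOUNTS = {"root", "mobile"}

# Standard OpenSSH success line. Only password logins matter here:
# a default-credential login cannot be a public-key login.
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted password for (?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def suspicious_logins(log_lines, trusted_networks):
    """Return {source_ip: sorted accounts} for password logins to the
    default accounts that came from outside trusted_networks."""
    trusted = [ipaddress.ip_network(n) for n in trusted_networks]
    hits = defaultdict(set)
    for line in log_lines:
        m = ACCEPTED.search(line)
        if not m or m["user"] not in DEFAULT_ACCOUNTS:
            continue
        try:
            src = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # malformed address field, skip the line
        if any(src in net for net in trusted):
            continue  # your own computer logging in
        hits[str(src)].add(m["user"])
    return {ip: sorted(users) for ip, users in hits.items()}

# Constructed sample log lines (hypothetical hosts and addresses).
SAMPLE_LOG = [
    "Nov 10 09:14:02 iPhone sshd[212]: Accepted password for root from 192.168.1.10 port 50211 ssh2",
    "Nov 10 12:30:45 iPhone sshd[260]: Failed password for root from 10.20.30.40 port 40112 ssh2",
    "Nov 10 12:30:47 iPhone sshd[260]: Accepted password for root from 10.20.30.40 port 40112 ssh2",
    "Nov 10 12:31:10 iPhone sshd[264]: Accepted password for mobile from 10.20.30.40 port 40120 ssh2",
    "Nov 10 13:02:00 iPhone sshd[270]: Accepted publickey for root from 10.20.30.41 port 40500 ssh2",
]

if __name__ == "__main__":
    # 192.168.1.10 stands in for the owner's own computer.
    for ip, users in suspicious_logins(SAMPLE_LOG, ["192.168.1.10/32"]).items():
        print(f"password login from {ip} to: {', '.join(users)}")
```

Any hit means the password for that account was known to the remote host; change both passwords and treat the data on the device as copied.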