The iPhone virus now has a payload

By David Heath
Thursday, 12 November 2009 03:59

Security

As expected, the Naughty Lads of the Internet have picked up the original iPhone virus and made it do something 'useful.'  If you have a jailbroken iPhone or iPod Touch, change the SSH password NOW!

iTWire has published a number of stories on the recent iPhone / iPod Touch virus Ikee and it was alluded in these that the naughty boys would pick up on the basic code and make it do something useful.

Guess what, they have already!

Reports are flooding in from a variety of virus research organisations that a new virus, called iPhone/Privacy.A is definitely stealing user data.  Peter James, of Intego, writing on his blog observes that, "When connecting to a jailbroken iPhone, this tool allows a hacker to silently copy a treasure trove of user data from a compromised iPhone: e-mail, contacts, SMSs, calendars, photos, music files, videos, as well as any data recorded by any iPhone app. Unlike the ikee worm, which signals its presence by changing the iPhone's wallpaper, this hacker tool gives no indication that it has invaded an iPhone.

"Hackers using this tool will install it on a computer – Mac, PC, Unix or Linux – then let it work. It scans the network accessible to it, and when it finds a jailbroken iPhone, breaks into it, then steals data and records it."

James also observes that there is no reason why this wouldn't make a wonderful addition to a display PC in a computer store, after-all, computer store visitors are probably more likely to have jailbroken iPhones in their pocket!  Intego estimates that around 6 – 8% of all iPhones have been jailbroken.

David Harley, writing on his ESET blog confirms that the host-side data collection tool, being Python-based, will run on pretty-well any computer from MS-DOS, through Windows, Linux and Mac-OS.

By the way, for the (currently smug) non-jailbroken iPhone owners, noted virus researcher Charlie Miller of Independent Security Evaluators (interviewed by Computerworld earlier this week) observed that "While jailbreaking your iPhone puts you at risk for this particular bug, its not the case that non-jailbroken iPhones are immune to attack.  The SMS vulnerability I talked about at Black Hat [last July] also would give root access to an iPhone whether it was jailbroken or not. And I certainly didn't find the only bug like that."

Instructions on changing the SSH password are contained in the cooments to the original iTWire article on the subject.

Tags:

Please enable JavaScript in your browser to post your comment!

SPONSORED PRESS RELEASES

Independent Research Shows High Customer Satisfaction for NetSuite
NetSuite Inc. (NYSE: N), a leading vendor of cloud computing business management software suites, today announced that technology advisory firm Nucleus Research has completed an independent survey of NetSuite customers and concluded that NetSuite customers are highly satisfied, l...
Websense Security Labs Reports ‘User Trust’ Targeted Attacks; Over 1 in 10 ‘Top Search’ Results Categorised as Malware; Increased Focus on Web 2.0
ComOps Scoops Leading Position in SmartCompany Dun and Bradstreet IT Company Growth List
F5 APAC CIO Survey Underscores Need for Proactive Approach to Application Delivery and Cloud Computing
F5 Delivers Next-Generation Application Delivery Services Giving Enterprises More Control with Context-Aware Networking
WatchGuard Enhances Security Software
engin Launches Hosted Phone System for Australian Small Business

Featured IT jobs

Melbourne
Senior Software consultant
Senior Software consultant responsible for providing support on a unique enterprise level software solution for various customers, Melbourne based!
Skills Tags:   IT  ITIL  Linux  Management  RFP  Unix
Sydney
Database Developer - SQL Server 2005
This financial client has an excellent opportunity for an experienced Database Developer. SQL 2005 Some Schema design + SSIS & SSRS - 80k+super
Skills Tags:   Design  Development  SQL  SQL Server
Melbourne
Hyperion Planning Consultant
Massive Hyperion Project requires a Hyperion Planning Architect / Lead Developer - drive home a huge Hyperion solution.
Skills Tags:   Architect  Design  Development  Hyperion
Sydney
OBIEE BI/DW Consultant
OBIEE Consultant to work on a very large greenfield OBIEE implementation to date to work end-to-end with excellent modelling & BI Server skills
Skills Tags:   Business Intelligence  Cognos  Hyperion  Informatica  Oracle  SQL

Editors Picks

Stories you may have missed

How YouTube is killing mobile networks, and what to do about it

Microsoft Surface slips into Australia

Wikileaks is back from the brink
 

What iTWire offers for free

E - mail News SMS Headlines Desktop Alerts News Feeds Job Alerts Technology Events Press-Releases