Jailbroken iPhones infected, again
Security experts report that a malicious worm is tunneling its way through Dutch iPhones
This may be one of those "I told you so" moments that gives comfort to people on both sides of the Apple-Microsoft divide: Those who claim that Apple's (AAPL) products are no more immune to malware attacks than Microsoft's (MSFT), and those who insist that Apple's operating systems are nearly impenetrable, as long as you play by the rules.
According to the Dutch security firm XS4ALL, a software worm has been spreading through the Netherlands that can seize control of iPhones without their owners' knowledge and hand it over to a server in Lithuania.
"This worm is doing really bad things," XS4ALL's Scott McIntyre told security.nl.
Only a few hundred iPhones have been infected so far, according to the BBC. But if the worm gets into large Wi-Fi networks, thousands could be at risk.
This is the third reported iPhone malware incident in as many weeks and by far the most dangerous.
In early November, a Dutch hacker seized control of jailbroken iPhones and posted a message offering to make them secure again for 5 euros. A week later, an unemployed programmer in Australia released a worm that changed the iPhone's background image to a picture of pop singer Rick Astley, a sly reference to Rickrolling, one of the Internet's most popular pranks (some 21 million fooled).
The new worm targets customers who use their iPhone to do online banking at ING through T-Mobile. To be at risk, the phones must be jailbroken — something Apple advises strongly against — have SSH (secure shell) installed, and have left the original password ("alpine") unchanged.
"As we've said before, the vast majority of customers do not jailbreak their iPhones, and for good reason," an Apple spokesperson told The Loop's Jim Dalrymple. "These hacks not only violate the warranty, they will also cause the iPhone to become unstable and not work reliably."
Infected phones can be returned to their original condition by restoring the current Apple-supplied firmware through iTunes.
UPDATE: Sophos reports that the worm is using IP address 92.61.38.16 for command and control of jailbroken iPhones. Mobile operators may want to block, or at least monitor, activity trying to communicate with this IP address.
[Follow Philip Elmer-DeWitt on Twitter @philiped]
"UPDATE:" block 92.61.38.16 Good info but this should have a time/date stamp. And hopefully another UPDATE when resolved. That IP might be hijacked and 3 days, 3 mos. later that advice may be very stale.
Hahaha, yeah no duh on this one.
Basically what this article says here is:
If you remove the locks from your car (jailbreak), and put in keypad door handles, and then leave the password as the default one…. people can get in and steal your car.
No sh!t sherlock.
If you hack your iPhone, or your car alike…. you gotta know what you are doing. Too many people don't know what they are doing, so they get hacked…. by no fault of Apple.
I suppose that the jailbreak community should program-in some kind of root password change dialogue, forcing jailbreakers to put in their own password. Really though… leave jailbreaking and ssh-access to the unix pros. Just as you would leave car modifying to the body-shop pros.
Thanks for making clear that the worm affects only jailbroken iPhones where the default password hasn't been changed. Many journalists have tried to use scare headlines.
This appears to be a problem for those who messed with the security of the iPhone, so of course you're opening it up to vulnerabilities. Otherwise, the iPhone shouldn't have any problems, I'm on my second one since the iPhone first came out, and haven't had any problems with viruses that I know of.
Apple provides a secure system, nothing has changed.
And this is precisely why Apple does not allow a free for all for iPhone developers.



If I was into conspiracy theories, I would say Apple is behind this. But, it's probably just a fanboy seeking to protect their master.