backtop


Print 47 comment(s) - last by pickymeek.. on Nov 24 at 6:49 PM

Jailbroken iPhone users with SSH and a default password are the target

The iPhone is one of the most popular smartphones on the market. By most accounts, the iPhone is the most likely of all smartphones to be used on the internet to access files on the go. There are also a growing number of iPhone users who are jailbreaking the devices to use unauthorized Apple software or to use the devices on other carrier networks.

Over the last few weeks, a worm targeted specifically at iPhones which are jailbroken and have SSH installed with the default password was found. The original worm was nothing more than an irritation and would change the background image of the iPhone to a picture of washed up pop star Rick Astley. Embarrassing for sure, but hardly what most would consider malicious.

A similar worm targeting jailbroken iPhones with SSH and the default password -- alpine -- is making its rounds in the Netherlands. The new worm is different from the first in that the latest is clearly malicious and has a financial motive behind it for the worm maker. BBC News reports that security firm F-Secure discovered the worm and that it targets users of Dutch online bank ING. The worm infects the iPhone and redirects the user to a fake login page.

Mikko Hypponen from F-Secure told BBC News, "It's the second iPhone worm ever and the first that's clearly malicious - there's a clear financial motive behind it."

At least for now the worm is limited to the Netherlands. However, the security firm points out that the worm could spread to more countries. The number of iPhones thought to be infected numbers only in hundreds. The worm is capable of spreading itself to other vulnerable iPhones that are connected to the same hotspot. A representative from ING told BBC News that it has alerted call center personal and that an official message would be placed on the ING bank website.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: Security through imprisonment is stupid
By Tony Swash on 11/23/2009 3:13:03 PM , Rating: 1
What a silly analogy. Apple created a very secure and stable and complex platform for their phone which allowed it to offer their customers a user experience which has proved hugely popular.

Some of these customers, despite lots of warnings, have chosen to break that secure and stable system (rather than, say, buying a different phone that doesn't have the Apple approach to security) and the result is that their phones get hacked with malicious exploits.

Looks like a case of tough sh*t to me - what the hell did they expect!


RE: Security through imprisonment is stupid
By AyashiKaibutsu on 11/23/2009 3:26:44 PM , Rating: 2
They were idiots given ample warning of the vulnerability. Apple has shown bias in their acceptance of software, and that many people go out of their way to break from their system shows it's not as popular as you think, but more that many just accept it for lack of alternatives (although more options are appearing now).

I'm sure if whenever someone first started their iPhone and got asked if they wanted a secure system that was spoonfed the aps apple wants them to have or free to install what they want but with vulnerabilities, most people would pick the later.


By Tony Swash on 11/23/2009 7:15:45 PM , Rating: 2
quote:
I'm sure if whenever someone first started their iPhone and got asked if they wanted a secure system that was spoonfed the aps apple wants them to have or free to install what they want but with vulnerabilities, most people would pick the later.


I think you are totally wrong. I think most people (particularly given the widespread experiences with insecure Windows based PCs) want a stable and secure phone and are very happy to have a 100,000 vetted and safe apps to choose from. Every indicator points to the Apple phone model being extremely successful in the market place.

If people want to fiddle about technically with their iPhones, and in the process breaking the security system and opening themselves up to hacks and attacks, then they can - I think they are being silly but its their phones. Why should Apple help them?


"We are going to continue to work with them to make sure they understand the reality of the Internet.  A lot of these people don't have Ph.Ds, and they don't have a degree in computer science." -- RIM co-CEO Michael Lazaridis

Related Articles













botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki