Malicious worm attacks, steals data from jailbroken iPhones

Posted:
in iPhone edited January 2014
iPhones with modified software could be vulnerable to a new, malicious worm that can allow remote access and control without the owner's knowledge or permission.



It is estimated that hundreds of users are currently affected by a worm that targets users of "jailbroken" iPhones who live in the Netherlands and use the bank ING Direct. But security company F-Secure told the BBC that the currently isolated issue could easily jump to thousands of handsets. The worm is reportedly spread between phones when they share the same Wi-Fi spot.



In order for an iPhone to be vulnerable to the new worm, they must have willingly modified their handset's software to allow them to run unauthorized code. Phones can be jailbroken to run applications or modify the system in ways not approved by Apple.



The worm only affects jailbroken phones that have SSH (secure shell) installed, without the default password -- "alpine" -- changed. It employs the same method as a previous worm, Ikee, that was not malicious. Instead, the wallpaper-changing prank simply changed the user's background to a picture of 1980s pop star Rick Astley, who sang the 1987 hit "Never Gonna Give You Up."



But the new worm reportedly has botnet functionality and connects to a Web-based command and control center based in Lithuania.



For now, the worm is only aimed at customers who live in the Netherlands and bank with ING Direct. The online bank intends to put a warning on its Web site.



This summer, a text messaging exploit was discovered by security researcher Charlie Miller that could allow someone to take control of the iPhone. Apple quickly fixed the issue. The exploit exposed the iPhone completely, giving hackers access to the camera, dialer, messaging and Safari.
«134

Comments

  • Reply 1 of 62
    http://support.apple.com/kb/HT3743



    Unauthorized modification of iPhone OS has been a major source of instability, disruption of services, and other issues



    Last Modified: July 30, 2009

    Article: HT3743



    As designed by Apple, the iPhone OS ensures that the iPhone and iPod touch operate reliably. Some customers have not understood the risks of installing software that makes unauthorized modifications to the iPhone OS ("jailbreaking") on their iPhone or iPod touch. Customers who have installed software that makes these modifications have encountered numerous problems in the operation of their hacked iPhone or iPod touch. Examples of issues caused by these unauthorized modifications to the iPhone OS have included the following:





    Device and application instability: Frequent and unexpected crashes of the device, crashes and freezes of built-in apps and third-party apps, and loss of data.



    Unreliable voice and data: Dropped calls, slow or unreliable data connections, and delayed or inaccurate location data.



    Disruption of services: Services such as Visual Voicemail, YouTube, Weather, and Stocks have been disrupted or no longer work on the device. Additionally, third-party apps that use the Apple Push Notification Service have had difficulty receiving notifications or received notifications that were intended for a different hacked device. Other push-based services such as MobileMe and Exchange have experienced problems synchronizing data with their respective servers.



    Compromised security: Security compromises have been introduced by these modifications that could allow hackers to steal personal information, damage the device, attack the wireless network, or introduce malware or viruses.



    Shortened battery life: The hacked software has caused an accelerated battery drain that shortens the operation of an iPhone or iPod touch on a single battery charge.



    Inability to apply future software updates: Some unauthorized modifications have caused damage to the iPhone OS that is not repairable. This can result in the hacked iPhone or iPod touch becoming permanently inoperable when a future Apple-supplied iPhone OS update is installed.



    Apple strongly cautions against installing any software that hacks the iPhone OS. It is also important to note that unauthorized modification of the iPhone OS is a violation of the iPhone end-user license agreement and because of this, Apple may deny service for an iPhone or iPod touch that has installed any unauthorized software.
  • Reply 2 of 62
  • Reply 3 of 62
    This illustrates a very good reason why Apple keeps a tight lock on the iPhone. If this happened to a "locked" iPhone could you imagine the crap that Apple would take!



    If you jailbreak your phone you are on your own!



    I'm sure Apple will still take some shit for this because some do not understand the vulnerable and think all iPhones are susceptible, or just think that Apple is responsible for anything and everything regardless if the phone is jail-broken.



    KRR
  • Reply 4 of 62
    Serves them right for not changing their root password. That's just opening a can of worms right there.
  • Reply 5 of 62
    Quote:
    Originally Posted by Quadra 610 View Post


    http://support.apple.com/kb/HT3743



    Unauthorized modification of iPhone OS has been a major source of instability, disruption of services, and other issues



    Last Modified: July 30, 2009

    Article: HT3743



    As designed by Apple, the iPhone OS ensures that the iPhone and iPod touch operate reliably. Some customers have not understood the risks of installing software that makes unauthorized modifications to the iPhone OS ("jailbreaking") on their iPhone or iPod touch. Customers who have installed software that makes these modifications have encountered numerous problems in the operation of their hacked iPhone or iPod touch. Examples of issues caused by these unauthorized modifications to the iPhone OS have included the following:





    Device and application instability: Frequent and unexpected crashes of the device, crashes and freezes of built-in apps and third-party apps, and loss of data.



    Unreliable voice and data: Dropped calls, slow or unreliable data connections, and delayed or inaccurate location data.



    Disruption of services: Services such as Visual Voicemail, YouTube, Weather, and Stocks have been disrupted or no longer work on the device. Additionally, third-party apps that use the Apple Push Notification Service have had difficulty receiving notifications or received notifications that were intended for a different hacked device. Other push-based services such as MobileMe and Exchange have experienced problems synchronizing data with their respective servers.



    Compromised security: Security compromises have been introduced by these modifications that could allow hackers to steal personal information, damage the device, attack the wireless network, or introduce malware or viruses.



    Shortened battery life: The hacked software has caused an accelerated battery drain that shortens the operation of an iPhone or iPod touch on a single battery charge.



    Inability to apply future software updates: Some unauthorized modifications have caused damage to the iPhone OS that is not repairable. This can result in the hacked iPhone or iPod touch becoming permanently inoperable when a future Apple-supplied iPhone OS update is installed.



    Apple strongly cautions against installing any software that hacks the iPhone OS. It is also important to note that unauthorized modification of the iPhone OS is a violation of the iPhone end-user license agreement and because of this, Apple may deny service for an iPhone or iPod touch that has installed any unauthorized software.



    Have you heard, Jailbreaking your Phone also increases your risk of cancer too.



    Those things you listed are grossly exaggerated, and most of those are no brainers. Of course you're going to have reduced battery life, your doing more things, Of course it's harder to update to future firmwares, you lose your jailbroken data. While sometimes I do instal things that messes with my services, I knowingly put them on and I can remove them to, and worst case scenario, I just restore to default firmware. My stability hasn't changed a bit, actually, I have 0 problems what so ever, unlike many of those to upgraded to 3.1.



    Edit: I mean no disrespect to you Quadra, but rather what you quoted from the Apple Support page.
  • Reply 6 of 62
    saareksaarek Posts: 1,520member
    This is great, let all of the cheapskates who jailbreak their phones so that they can steal software burn!
  • Reply 7 of 62
    patspats Posts: 112member
    Personally the folks who jail broke their phones now have to decide if it is worth the pain. You get a little more functionality and a huge increase in security risk. If security doesn't matter then the jailbreak releases you from the grasp of Apple control, but it is obvious that the security environment on a jail-broken iphone in dangerous. My guess is the jail-breaking will become much more a niche market since Apple has continued to improve the Iphone and has a feature set which cover the majority of users requirements
  • Reply 8 of 62
    Quote:
    Originally Posted by Masterz1337 View Post


    Have you heard, Jailbreaking your Phone also increases your risk of cancer too.



    Those things you listed are grossly exaggerated, and most of those are no brainers. Of course you're going to have reduced battery life, your doing more things, Of course it's harder to update to future firmwares, you lose your jailbroken data. While sometimes I do instal things that messes with my services, I knowingly put them on and I can remove them to, and worst case scenario, I just restore to default firmware. My stability hasn't changed a bit, actually, I have 0 problems what so ever, unlike many of those to upgraded to 3.1.



    Edit: I mean no disrespect to you Quadra, but rather what you quoted from the Apple Support page.



    No offense taken.



    You learn to develop a thick sin on these forums. But your comment wasn't in any way confrontational.



    Apple has to cover all the bases when it comes to this. Yes, some of those are exaggerations, and are in the realm of "possible but unlikely." However, when I see the headline: "Malicious worm attacks, steals data from jailbroken iPhones", it does seem rather disturbing. When it comes to your data and (potentially) compromised security re banks, Apple's support page about jailbreaking does resonate a little more with me.
  • Reply 9 of 62
    Quote:
    Originally Posted by pats View Post


    Personally the folks who jail broke their phones now have to decide if it is worth the pain. You get a little more functionality and a huge increase in security risk. If security doesn't matter then the jailbreak releases you from the grasp of Apple control, but it is obvious that the security environment on a jail-broken iphone in dangerous. My guess is the jail-breaking will become much more a niche market since Apple has continued to improve the Iphone and has a feature set which cover the majority of users requirements



    It is pain to see such post about jailbreaking. Yes it is security risk if you install SSH and don't change the root password, similar to one of jumping out of airplane without parachute. Does this mean airplanes should be banned as too much of security risk ? You and Apple would say so.
  • Reply 10 of 62
    Quote:
    Originally Posted by Quadra 610 View Post


    You learn to develop a thick sin on these forums.



    I myself prefer a thick skin, but each to his own.....
  • Reply 11 of 62
    hehe...
  • Reply 12 of 62
    Repeat again what has been said in another forum. It is interesting to see that Mac OS X comes "jailbroken" from the manufacturer, and no one claims it is a security risks and the next version of it should only allow installation of Adobe Photoshop or Microsoft Office only through the iTunes after they go through indefinite process of software review. Wait, Office won't get through, as it duplicate functionality in iWorks as well as Firefox which duplicates features in Safari. Why it sounds so dumb if you take Mac OS X in account while it is pretty much the same system as iPhone OS ?



    There is nothing wrong with Jail break.
  • Reply 13 of 62
    gazoobeegazoobee Posts: 3,754member
    Quote:
    Originally Posted by jglavin View Post


    Serves them right for not changing their root password. That's just opening a can of worms right there.



    It's not the fault of idiots however, when they are handed poor tools that they don't understand how to use by other idiots.



    The fault here, and a large part of the blame, should be on those who promote jail-breaking IMO. There is a certain amount of darwinism in being the idiot that doesn't change their password, but the average idiot shouldn't be using SSH anyway, let alone using a version of it that leaves the password open and relies on them reading some complicated instructions to alleviate the danger.



    By making jailbreaking a "click-here" idiot-proof thing, and then further promoting it on websites to the same idiots, the jailbreakers themselves created this problem.



    I have quite a few friends now with jailbroken iPhones. They did it because it was "cool" and they wanted to change the wallpaper or something. They are not in fact idiots despite my language above, but they know nothing about the possible dangers and probably shouldn't be doing it.



    They don't even really understand what they are doing when they "jailbreak." I would argue that most don't. If they had to do it themselves, they wouldn't know how at all. These people are writers or artists, or business people, not computer experts.



    Sure, you can look at it and say "logically, they should have changed their password," and even point at the text file that told they should have, but that's not the whole of the blame.



    The people that enable the one-click jailbreaking, the web-sites that talk about how to do it, the promoters of it on forums like this, and those that write the articles on sites like this ARE also to blame. It's like giving loaded handguns to children to play with but telling them not to point it at their friends and thinking you've done your job.
  • Reply 14 of 62
    wigginwiggin Posts: 2,265member
    Quote:
    Originally Posted by Brainless View Post


    Repeat again what has been said in another forum. It is interesting to see that Mac OS X comes "jailbroken" from the manufacturer, and no one claims it is a security risks and the next version of it should only allow installation of Adobe Photoshop or Microsoft Office only through the iTunes after they go through indefinite process of software review. Wait, Office won't get through, as it duplicate functionality in iWorks as well as Firefox which duplicates features in Safari. Why it sounds so dumb if you take Mac OS X in account while it is pretty much the same system as iPhone OS ?



    There is nothing wrong with Jail break.



    Then again OS X doesn't come with a default password that you need to know to change!



    That's the danger of creating automated jailbreaks that allow people who don't know that they are doing to expose themselves to these risks.



    "I'll tell you the problem with the scientific power that you're using here. It didn't require any discipline to attain it. You read what others had done and you took the next step. You didn't earn the knowledge for yourselves, so you don't take any responsibility for it." - Dr Ian Malcolm



    (Sorry, could help myself including the quote. )
  • Reply 15 of 62
    hehe...
  • Reply 16 of 62
    chronsterchronster Posts: 1,894member
    Quote:
    Originally Posted by saarek View Post


    This is great, let all of the cheapskates who jailbreak their phones so that they can steal software burn!



    Is that really the only reason to jailbreak?
  • Reply 17 of 62
    Quote:
    Originally Posted by pats View Post


    Personally the folks who jail broke their phones now have to decide if it is worth the pain. You get a little more functionality and a huge increase in security risk. If security doesn't matter then the jailbreak releases you from the grasp of Apple control, but it is obvious that the security environment on a jail-broken iphone in dangerous. My guess is the jail-breaking will become much more a niche market since Apple has continued to improve the Iphone and has a feature set which cover the majority of users requirements



    Not really



    I would in fact suggest that you get less functionality overall. Those that don't jail-brake their phones and update their OSs get more functionality than those that jail brake just to get a couple of apps to brag about.



    And from what I have witnessed in my classes, those that do jail break are missing a lot. Invariably, it is shown that the original need has been negated and the increased functionalities and improvements seen with each update isn't worth the trouble and aggrivation.



    However, this is not to say that everybody should stop. Actually, jailbroken apps are of most interest by legitimate developers. The reasons should be obvious.
  • Reply 18 of 62
    chronsterchronster Posts: 1,894member
    Quote:
    Originally Posted by Gazoobee View Post


    The people that enable the one-click jailbreaking, the web-sites that talk about how to do it, the promoters of it on forums like this, and those that write the articles on sites like this ARE also to blame. It's like giving loaded handguns to children to play with but telling them not to point it at their friends and thinking you've done your job.



    It's a peculiar thing though that so many choose to jailbreak for one reason or another. Why doesn't Apple let you do many of the things jailbroken phones can do? Like change your wallpaper for instance...



    Also, if piracy has become an issue because of jailbreaking, then maybe those who stand to profit most from suppressing piracy are the same people responsible for the worm lol.
  • Reply 19 of 62
    hehe...
  • Reply 20 of 62
    igeniusigenius Posts: 1,240member
    Quote:
    Originally Posted by krreagan View Post


    This illustrates a very good reason why Apple keeps a tight lock on the iPhone. If this happened to a "locked" iPhone could you imagine the crap that Apple would take!



    If you jailbreak your phone you are on your own!



    Are you "on your own" if you install third-party software (like, for example, PhotoShop) on a Mac? Why is the iPhone different? Why is it locked down, when the Mac has no such limitation?



    I think that third-party software should be freely available for the iPhone. I also think that non-technical folks should have an approval process for such software, and a friendly place to buy it, so that they will be excused from exercising difficult thought processes.



    But for the folks out there who comfortable using technology, there should be places to obtain and install any software that they choose. Every consumer OS since the early days has allowed installation of software chosen by the owner of the device. Until now.
Sign In or Register to comment.