Never miss an update Follow AppleInsider
Monday, November 23, 2009, 08:50 am
Malicious worm attacks, steals data from jailbroken iPhones
iPhones with modified software could be vulnerable to a new, malicious worm that can allow remote access and control without the owner's knowledge or permission.It is estimated that hundreds of users are currently affected by a worm that targets users of "jailbroken" iPhones who live in the Netherlands and use the bank ING Direct. But security company F-Secure told the BBC that the currently isolated issue could easily jump to thousands of handsets. The worm is reportedly spread between phones when they share the same Wi-Fi spot.
In order for an iPhone to be vulnerable to the new worm, they must have willingly modified their handset's software to allow them to run unauthorized code. Phones can be jailbroken to run applications or modify the system in ways not approved by Apple.
The worm only affects jailbroken phones that have SSH (secure shell) installed, without the default password -- "alpine" -- changed. It employs the same method as a previous worm, Ikee, that was not malicious. Instead, the wallpaper-changing prank simply changed the user's background to a picture of 1980s pop star Rick Astley, who sang the 1987 hit "Never Gonna Give You Up."
But the new worm reportedly has botnet functionality and connects to a Web-based command and control center based in Lithuania.
For now, the worm is only aimed at customers who live in the Netherlands and bank with ING Direct. The online bank intends to put a warning on its Web site.
This summer, a text messaging exploit was discovered by security researcher Charlie Miller that could allow someone to take control of the iPhone. Apple quickly fixed the issue. The exploit exposed the iPhone completely, giving hackers access to the camera, dialer, messaging and Safari.
On Topic: iPhone
- Apple granted patents on push-to-talk, double-sided touch panel
- Samsung Galaxy S4 & Google Now accused of violating Apple patents for Siri
- AT&T to bring FaceTime over cellular to all customers by end of year
- Apple debuts new iPhone discounts, subsidies to gain ground in India
- Looking to pull even with Apple, Samsung to pay developers for Galaxy-specific apps
Previous Comments View All
This illustrates a very good reason why Apple keeps a tight lock on the iPhone. If this happened to a "locked" iPhone could you imagine the crap that Apple would take!
If you jailbreak your phone you are on your own!
I'm sure Apple will still take some shit for this because some do not understand the vulnerable and think all iPhones are susceptible, or just think that Apple is responsible for anything and everything regardless if the phone is jail-broken.
KRR
Serves them right for not changing their root password. That's just opening a can of worms right there.
Quote:
Originally Posted by Quadra 610 
http://support.apple.com/kb/HT3743
Unauthorized modification of iPhone OS has been a major source of instability, disruption of services, and other issues
Last Modified: July 30, 2009
Article: HT3743
As designed by Apple, the iPhone OS ensures that the iPhone and iPod touch operate reliably. Some customers have not understood the risks of installing software that makes unauthorized modifications to the iPhone OS ("jailbreaking") on their iPhone or iPod touch. Customers who have installed software that makes these modifications have encountered numerous problems in the operation of their hacked iPhone or iPod touch. Examples of issues caused by these unauthorized modifications to the iPhone OS have included the following:
Device and application instability: Frequent and unexpected crashes of the device, crashes and freezes of built-in apps and third-party apps, and loss of data.
Unreliable voice and data: Dropped calls, slow or unreliable data connections, and delayed or inaccurate location data.
Disruption of services: Services such as Visual Voicemail, YouTube, Weather, and Stocks have been disrupted or no longer work on the device. Additionally, third-party apps that use the Apple Push Notification Service have had difficulty receiving notifications or received notifications that were intended for a different hacked device. Other push-based services such as MobileMe and Exchange have experienced problems synchronizing data with their respective servers.
Compromised security: Security compromises have been introduced by these modifications that could allow hackers to steal personal information, damage the device, attack the wireless network, or introduce malware or viruses.
Shortened battery life: The hacked software has caused an accelerated battery drain that shortens the operation of an iPhone or iPod touch on a single battery charge.
Inability to apply future software updates: Some unauthorized modifications have caused damage to the iPhone OS that is not repairable. This can result in the hacked iPhone or iPod touch becoming permanently inoperable when a future Apple-supplied iPhone OS update is installed.
Apple strongly cautions against installing any software that hacks the iPhone OS. It is also important to note that unauthorized modification of the iPhone OS is a violation of the iPhone end-user license agreement and because of this, Apple may deny service for an iPhone or iPod touch that has installed any unauthorized software.
http://support.apple.com/kb/HT3743
Unauthorized modification of iPhone OS has been a major source of instability, disruption of services, and other issues
Last Modified: July 30, 2009
Article: HT3743
As designed by Apple, the iPhone OS ensures that the iPhone and iPod touch operate reliably. Some customers have not understood the risks of installing software that makes unauthorized modifications to the iPhone OS ("jailbreaking") on their iPhone or iPod touch. Customers who have installed software that makes these modifications have encountered numerous problems in the operation of their hacked iPhone or iPod touch. Examples of issues caused by these unauthorized modifications to the iPhone OS have included the following:
Device and application instability: Frequent and unexpected crashes of the device, crashes and freezes of built-in apps and third-party apps, and loss of data.
Unreliable voice and data: Dropped calls, slow or unreliable data connections, and delayed or inaccurate location data.
Disruption of services: Services such as Visual Voicemail, YouTube, Weather, and Stocks have been disrupted or no longer work on the device. Additionally, third-party apps that use the Apple Push Notification Service have had difficulty receiving notifications or received notifications that were intended for a different hacked device. Other push-based services such as MobileMe and Exchange have experienced problems synchronizing data with their respective servers.
Compromised security: Security compromises have been introduced by these modifications that could allow hackers to steal personal information, damage the device, attack the wireless network, or introduce malware or viruses.
Shortened battery life: The hacked software has caused an accelerated battery drain that shortens the operation of an iPhone or iPod touch on a single battery charge.
Inability to apply future software updates: Some unauthorized modifications have caused damage to the iPhone OS that is not repairable. This can result in the hacked iPhone or iPod touch becoming permanently inoperable when a future Apple-supplied iPhone OS update is installed.
Apple strongly cautions against installing any software that hacks the iPhone OS. It is also important to note that unauthorized modification of the iPhone OS is a violation of the iPhone end-user license agreement and because of this, Apple may deny service for an iPhone or iPod touch that has installed any unauthorized software.
Have you heard, Jailbreaking your Phone also increases your risk of cancer too.
Those things you listed are grossly exaggerated, and most of those are no brainers. Of course you're going to have reduced battery life, your doing more things, Of course it's harder to update to future firmwares, you lose your jailbroken data. While sometimes I do instal things that messes with my services, I knowingly put them on and I can remove them to, and worst case scenario, I just restore to default firmware. My stability hasn't changed a bit, actually, I have 0 problems what so ever, unlike many of those to upgraded to 3.1.
Edit: I mean no disrespect to you Quadra, but rather what you quoted from the Apple Support page.
This is great, let all of the cheapskates who jailbreak their phones so that they can steal software burn! 
Personally the folks who jail broke their phones now have to decide if it is worth the pain. You get a little more functionality and a huge increase in security risk. If security doesn't matter then the jailbreak releases you from the grasp of Apple control, but it is obvious that the security environment on a jail-broken iphone in dangerous. My guess is the jail-breaking will become much more a niche market since Apple has continued to improve the Iphone and has a feature set which cover the majority of users requirements
Quote:
Originally Posted by Masterz1337
Have you heard, Jailbreaking your Phone also increases your risk of cancer too.
Those things you listed are grossly exaggerated, and most of those are no brainers. Of course you're going to have reduced battery life, your doing more things, Of course it's harder to update to future firmwares, you lose your jailbroken data. While sometimes I do instal things that messes with my services, I knowingly put them on and I can remove them to, and worst case scenario, I just restore to default firmware. My stability hasn't changed a bit, actually, I have 0 problems what so ever, unlike many of those to upgraded to 3.1.
Edit: I mean no disrespect to you Quadra, but rather what you quoted from the Apple Support page.
Have you heard, Jailbreaking your Phone also increases your risk of cancer too.
Those things you listed are grossly exaggerated, and most of those are no brainers. Of course you're going to have reduced battery life, your doing more things, Of course it's harder to update to future firmwares, you lose your jailbroken data. While sometimes I do instal things that messes with my services, I knowingly put them on and I can remove them to, and worst case scenario, I just restore to default firmware. My stability hasn't changed a bit, actually, I have 0 problems what so ever, unlike many of those to upgraded to 3.1.
Edit: I mean no disrespect to you Quadra, but rather what you quoted from the Apple Support page.
No offense taken.
You learn to develop a thick sin on these forums. But your comment wasn't in any way confrontational.
Apple has to cover all the bases when it comes to this. Yes, some of those are exaggerations, and are in the realm of "possible but unlikely." However, when I see the headline: "Malicious worm attacks, steals data from jailbroken iPhones", it does seem rather disturbing. When it comes to your data and (potentially) compromised security re banks, Apple's support page about jailbreaking does resonate a little more with me.
Quote:
Originally Posted by pats
Personally the folks who jail broke their phones now have to decide if it is worth the pain. You get a little more functionality and a huge increase in security risk. If security doesn't matter then the jailbreak releases you from the grasp of Apple control, but it is obvious that the security environment on a jail-broken iphone in dangerous. My guess is the jail-breaking will become much more a niche market since Apple has continued to improve the Iphone and has a feature set which cover the majority of users requirements
Personally the folks who jail broke their phones now have to decide if it is worth the pain. You get a little more functionality and a huge increase in security risk. If security doesn't matter then the jailbreak releases you from the grasp of Apple control, but it is obvious that the security environment on a jail-broken iphone in dangerous. My guess is the jail-breaking will become much more a niche market since Apple has continued to improve the Iphone and has a feature set which cover the majority of users requirements
It is pain to see such post about jailbreaking. Yes it is security risk if you install SSH and don't change the root password, similar to one of jumping out of airplane without parachute. Does this mean airplanes should be banned as too much of security risk ? You and Apple would say so.
Quote:
Originally Posted by Quadra 610
You learn to develop a thick sin on these forums.
You learn to develop a thick sin on these forums.
I myself prefer a thick skin, but each to his own.....
Latest Apple Headlines
-
Apple's iAd first major mobile ad-network to get Media Ratings Council accreditation
~9 minutes ago -
Dubai hotel provides guests with iMacs, 24-karat gold iPad
~40 minutes ago -
Evernote gains reminders, Telltale's poker comes to iOS & Angry Birds Space goes free
~2 hours ago -
Apple announces WWDC 2013 keynote for Monday, June 10
~2 hours ago -
Half of Apple's MacBook Air lineup now sold out at Amazon ahead of WWDC
~4 hours ago - more...
Want to write for AppleInsider? Submit your application now!
| Model | White | Black | |
|---|---|---|---|
| iPad mini (WiFi only) | |||
| 16GB WiFi |  |
$329.99 | $329.99 |
| 32GB WiFi | |
$429.99 | $429.99 |
| 64GB WiFi | |
$529.99 | $529.99 |
| iPad mini (WiFi + 4G) | |||
 |
 |
 |
|
| 16GB 4G White | $459.99 | $459.99 | $459.99 |
| 32GB 4G White | $559.99 | $559.99 | $559.99 |
| 64GB 4G White | $659.99 | $659.99 | $659.99 |
| 16GB 4G Black | $459.99 | $459.99 | $459.99 |
| 32GB 4G Black | $559.99 | $559.99 | $559.99 |
| 64GB 4G Black | $659.99 | $659.99 | $659.99 |
Lowest Prices Anywhere!
| Model | Price | You Save |
|---|---|---|
| Core i5 MacBook Pros w/ Retina | ||
| 13" 2.5GHz/8GB/128GB | $1,406.48 | $292.52 |
| 13" 2.5GHz/8GB/256GB | $1,479.99 | $519.01 |
| 13" 2.5GHz/8GB/512GB | $1,699.99 | $799.01 |
| Core i7 MacBook Pros w/ Retina | ||
| 13" 2.9GHz/8GB/256GB | $1,599.99 | $599.01 |
| 13" 2.9GHz/8GB/512GB | $1,799.99 | $899.01 |
| 15" 2.3GHz/8GB/256GB | $1,899.99 | $299.01 |
| 15" 2.6GHz/8GB/512GB | $2,299.99 | $568.01 |
| 15" 2.7GHz/16GB/768GB | $2,699.99 | $499.01 |
http://support.apple.com/kb/HT3743
Unauthorized modification of iPhone OS has been a major source of instability, disruption of services, and other issues
Last Modified: July 30, 2009
Article: HT3743
As designed by Apple, the iPhone OS ensures that the iPhone and iPod touch operate reliably. Some customers have not understood the risks of installing software that makes unauthorized modifications to the iPhone OS ("jailbreaking") on their iPhone or iPod touch. Customers who have installed software that makes these modifications have encountered numerous problems in the operation of their hacked iPhone or iPod touch. Examples of issues caused by these unauthorized modifications to the iPhone OS have included the following:
Device and application instability: Frequent and unexpected crashes of the device, crashes and freezes of built-in apps and third-party apps, and loss of data.
Unreliable voice and data: Dropped calls, slow or unreliable data connections, and delayed or inaccurate location data.
Disruption of services: Services such as Visual Voicemail, YouTube, Weather, and Stocks have been disrupted or no longer work on the device. Additionally, third-party apps that use the Apple Push Notification Service have had difficulty receiving notifications or received notifications that were intended for a different hacked device. Other push-based services such as MobileMe and Exchange have experienced problems synchronizing data with their respective servers.
Compromised security: Security compromises have been introduced by these modifications that could allow hackers to steal personal information, damage the device, attack the wireless network, or introduce malware or viruses.
Shortened battery life: The hacked software has caused an accelerated battery drain that shortens the operation of an iPhone or iPod touch on a single battery charge.
Inability to apply future software updates: Some unauthorized modifications have caused damage to the iPhone OS that is not repairable. This can result in the hacked iPhone or iPod touch becoming permanently inoperable when a future Apple-supplied iPhone OS update is installed.
Apple strongly cautions against installing any software that hacks the iPhone OS. It is also important to note that unauthorized modification of the iPhone OS is a violation of the iPhone end-user license agreement and because of this, Apple may deny service for an iPhone or iPod touch that has installed any unauthorized software.