Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Malicious worm attacks, steals data from jailbroken iPhones

iPhones with modified software could be vulnerable to a new, malicious worm that can allow remote access and control without the owner's knowledge or permission.

It is estimated that hundreds of users are currently affected by a worm that targets users of "jailbroken" iPhones who live in the Netherlands and use the bank ING Direct. But security company F-Secure told the BBC that the currently isolated issue could easily jump to thousands of handsets. The worm is reportedly spread between phones when they share the same Wi-Fi spot.

In order for an iPhone to be vulnerable to the new worm, they must have willingly modified their handset's software to allow them to run unauthorized code. Phones can be jailbroken to run applications or modify the system in ways not approved by Apple.

The worm only affects jailbroken phones that have SSH (secure shell) installed, without the default password — "alpine" — changed. It employs the same method as a previous worm, Ikee, that was not malicious. Instead, the wallpaper-changing prank simply changed the user's background to a picture of 1980s pop star Rick Astley, who sang the 1987 hit "Never Gonna Give You Up."

But the new worm reportedly has botnet functionality and connects to a Web-based command and control center based in Lithuania.

For now, the worm is only aimed at customers who live in the Netherlands and bank with ING Direct. The online bank intends to put a warning on its Web site.

This summer, a text messaging exploit was discovered by security researcher Charlie Miller that could allow someone to take control of the iPhone. Apple quickly fixed the issue. The exploit exposed the iPhone completely, giving hackers access to the camera, dialer, messaging and Safari.



62 Comments

quadra 610 6685 comments · 16 Years

http://support.apple.com/kb/HT3743

Unauthorized modification of iPhone OS has been a major source of instability, disruption of services, and other issues

Last Modified: July 30, 2009
Article: HT3743

As designed by Apple, the iPhone OS ensures that the iPhone and iPod touch operate reliably. Some customers have not understood the risks of installing software that makes unauthorized modifications to the iPhone OS ("jailbreaking") on their iPhone or iPod touch. Customers who have installed software that makes these modifications have encountered numerous problems in the operation of their hacked iPhone or iPod touch. Examples of issues caused by these unauthorized modifications to the iPhone OS have included the following:Device and application instability: Frequent and unexpected crashes of the device, crashes and freezes of built-in apps and third-party apps, and loss of data.

Unreliable voice and data: Dropped calls, slow or unreliable data connections, and delayed or inaccurate location data.

Disruption of services: Services such as Visual Voicemail, YouTube, Weather, and Stocks have been disrupted or no longer work on the device. Additionally, third-party apps that use the Apple Push Notification Service have had difficulty receiving notifications or received notifications that were intended for a different hacked device. Other push-based services such as MobileMe and Exchange have experienced problems synchronizing data with their respective servers.

Compromised security: Security compromises have been introduced by these modifications that could allow hackers to steal personal information, damage the device, attack the wireless network, or introduce malware or viruses.

Shortened battery life: The hacked software has caused an accelerated battery drain that shortens the operation of an iPhone or iPod touch on a single battery charge.

Inability to apply future software updates: Some unauthorized modifications have caused damage to the iPhone OS that is not repairable. This can result in the hacked iPhone or iPod touch becoming permanently inoperable when a future Apple-supplied iPhone OS update is installed.

Apple strongly cautions against installing any software that hacks the iPhone OS. It is also important to note that unauthorized modification of the iPhone OS is a violation of the iPhone end-user license agreement and because of this, Apple may deny service for an iPhone or iPod touch that has installed any unauthorized software.

krreagan 218 comments · 16 Years

This illustrates a very good reason why Apple keeps a tight lock on the iPhone. If this happened to a "locked" iPhone could you imagine the crap that Apple would take!

If you jailbreak your phone you are on your own!

I'm sure Apple will still take some shit for this because some do not understand the vulnerable and think all iPhones are susceptible, or just think that Apple is responsible for anything and everything regardless if the phone is jail-broken.

KRR

jglavin 93 comments · 15 Years

Serves them right for not changing their root password. That's just opening a can of worms right there.

masterz1337 123 comments · 15 Years

Quote:
Originally Posted by Quadra 610

http://support.apple.com/kb/HT3743

Unauthorized modification of iPhone OS has been a major source of instability, disruption of services, and other issues

Last Modified: July 30, 2009
Article: HT3743

As designed by Apple, the iPhone OS ensures that the iPhone and iPod touch operate reliably. Some customers have not understood the risks of installing software that makes unauthorized modifications to the iPhone OS ("jailbreaking") on their iPhone or iPod touch. Customers who have installed software that makes these modifications have encountered numerous problems in the operation of their hacked iPhone or iPod touch. Examples of issues caused by these unauthorized modifications to the iPhone OS have included the following:Device and application instability: Frequent and unexpected crashes of the device, crashes and freezes of built-in apps and third-party apps, and loss of data.

Unreliable voice and data: Dropped calls, slow or unreliable data connections, and delayed or inaccurate location data.

Disruption of services: Services such as Visual Voicemail, YouTube, Weather, and Stocks have been disrupted or no longer work on the device. Additionally, third-party apps that use the Apple Push Notification Service have had difficulty receiving notifications or received notifications that were intended for a different hacked device. Other push-based services such as MobileMe and Exchange have experienced problems synchronizing data with their respective servers.

Compromised security: Security compromises have been introduced by these modifications that could allow hackers to steal personal information, damage the device, attack the wireless network, or introduce malware or viruses.

Shortened battery life: The hacked software has caused an accelerated battery drain that shortens the operation of an iPhone or iPod touch on a single battery charge.

Inability to apply future software updates: Some unauthorized modifications have caused damage to the iPhone OS that is not repairable. This can result in the hacked iPhone or iPod touch becoming permanently inoperable when a future Apple-supplied iPhone OS update is installed.

Apple strongly cautions against installing any software that hacks the iPhone OS. It is also important to note that unauthorized modification of the iPhone OS is a violation of the iPhone end-user license agreement and because of this, Apple may deny service for an iPhone or iPod touch that has installed any unauthorized software.

Have you heard, Jailbreaking your Phone also increases your risk of cancer too.

Those things you listed are grossly exaggerated, and most of those are no brainers. Of course you're going to have reduced battery life, your doing more things, Of course it's harder to update to future firmwares, you lose your jailbroken data. While sometimes I do instal things that messes with my services, I knowingly put them on and I can remove them to, and worst case scenario, I just restore to default firmware. My stability hasn't changed a bit, actually, I have 0 problems what so ever, unlike many of those to upgraded to 3.1.

Edit: I mean no disrespect to you Quadra, but rather what you quoted from the Apple Support page.