Malicious new iPhone worm infects jailbroken phones

November 11, 2009

It was only a matter of time before someone took a cue from the Dutch and Aussie hackers — who tunneled into jailbroken iPhones for some harmless mischief — and took it to a bad place.

Mac security vendor Intego calls the malicious code "iPhone/Privacy.A." It installs on Windows, Mac and Unix/Linux systems, as well as iPhones, and uses them to search for vulnerable jailbroken devices. Once it infects an iPhone, it copies the phone’s e-mail, contacts, text messages, calendar data, pics, tunes, vids and any data recorded by the handset’s apps.

“This hacker tool could easily be installed, for example, on a computer on display in a retail store, which could then scan all iPhones that pass within the reach of its network,” Intego said. “Or, a hacker could sit in an Internet café and let his computer scan all iPhones that come within the range of the Wifi network in search of data.”

So how do you know if your phone is susceptible? If you haven’t jailbroken it, then it’s safe. But if you have, take note: SSH is a Unix utility that allows one device to connect to another over the Internet. If you’ve got it running with the default password (“alpine”) still in place, then your phone is at risk of getting infected.

iPhone/Privacy.A works pretty much the same way as the one written by Ashley Towns, the Australian programmer who punk’d his pals by breaching their iPhones and changing their wallpapers to pics of 80s singer Rick Astley. What’s not clear, though, is whether the malicious worm is a coincidence or actually based on Towns’ code, which he temporarily published online. (A bone-headed move, to be sure. As of yet, authorities have not announced if they'll prosecute him.)

Intego has said its VirusBarrier X5 software will detect iPhone/Privacy.A. But since it preys on lazy, absent-minded or unknowing users who leave their passwords at the default, I’ll say this for the third time: If you’ve jailbroken your phone, make sure to change that password. Do it now. Seriously. We’ll wait.

Via: PC World, The Mac Security Blog


P.S. I can't help but believe that Cupertino is smiling about this. Apple's been trying everything to get people to stop jailbreaking their phones, to no avail. Now, with this, there are some truly compelling reasons to think twice, particularly if you're not a tech hound. I'm pretty sure newbies who were tempted to try it are a little less likely to give it a whirl now. Any of you fall in that category?
