Posted on 11/24/2009 1:27:56 AM PST by Swordmaker
Another iPhone worm has been spotted in the wild.
Unlike the previous exploitation, which merely changed a jailbroken iPhone's wallpaper to a picture of Rick Astley of "Rickrolling" fame, this new threat allows hackers to steal sensitive information.
According to security firm Sophos, which wrote about the exploitation after a Dutch ISP spotted it late last week, the worm attacks jailbroken iPhone and iPod Touch devices only.
The worm "uses command-and-control, like a traditional PC botnet," Sophos wrote in a blog post on Saturday to warn users about the exploit. "It configures two startup scripts, one to execute the worm on boot-up, and the other to create a connection to a Lithuanian server to upload stolen data and cede control to the bot master."
Jailbreaking, which has been around for about two years, is a hack that enables iPhone and iPod Touch users to download applications unavailable through Apple's App Store.
Sophos wrote that the worm attacks users on several ISPs, including UPC in the Netherlands, Optus in Australia, and T-Mobile in several countries worldwide. Worse, the worm spreads faster on a Wi-Fi connection than a 3G connection. Users with affected devices might notice extremely short battery life while on Wi-Fi. According to Sophos, that's mainly due to the worm engaging in "so much network activity."
When a device is infected, it's assigned a unique number so that the attackers can easily pinpoint a single device. It also looks for authentication systems that use SMS, better known as mTANs. mTANs are frequently used by banks that send an SMS message with a password to mobile phones, allowing people to log in to their online accounts, Sophos wrote.
In essence, this threat is serious.
Sophos recommends that people with infected iPhones and iPod Touch devices restore them back to Apple's most recent firmware update. For now, there is no other way to fix the problem.
If you want on or off the Mac Ping List, Freepmail me.
So either leave your phone open to attack by the worm or have your jailbroken iPhone bricked by Apple's update.
Not a lot of good options here.
The “restore” method doesn’t brick your phone. It resets everything back to factory settings and installs a fresh image copy of the Apple distribution of the iPhone OS and firmware.
But thanks for the Fear, Uncertainty, and Doubt.
Yes. That’s the “upgrade”, not “restore” process that bricked those phones. It is also the first version of the iPhone OS 1.x, which is now into its third major iteration, 3.x.
That technicality of course ignores the fact that the affected users not only violated the terms of their usage agreements, but they stupidly ran the Apple update process on a hacked version of Apple’s (and third party) software.
If I recall, a “restore” was the first step in upgrading the early versions. First you restore, then you update, and then you add your data back on, and if by then a new hack was available you installed it and got on with your life.
A little off-topic, has the battery heating problem been solved? I heard that the 3GS iPhone had a heating problem. Was that a true problem? I am delaying upgrading to the 3GS until the fix has been made.
Note, this works on jailbroken iPhones only...
Amazing!
It's like someone takes the locks off the doors of their house, opens the windows and then wonders why they had things stolen out of their house... LOL...
> Amazing! It's like someone takes the locks off the doors of their house, opens the windows and then wonders why they had things stolen out of their house... LOL...
Moreover, only on jailbroken phones on which the user didn't change the default root password. Good lord, what do they use for brains?
So far these iPhone worms look like natural selection in action on the users, weeding out the stupid ones. ;-)
My 3Gs gets mildly warm with prolonged use... but no more so than my wife's Verizon LG her work makes her use...
> the worm attacks jailbroken iPhone and iPod Touch devices only
Cue the Thin Lizzy...