Hot Stories Ommwriter word processor offers Zen-like meditative focus Apple I system on auction through eBay Best Buy's Black Friday deals revealed FileSalvage 7 runs on Snow Leopard, upgrades interface Multi-carrier iPhone in France doubles sales TomTom to ship iPod touch-specific car kit Review: 27-inch iMac with Core i5 Microsoft roadmap puts Windows 8 in 2012 Minco 1.0 time-earnings tracker integrates with iCal Pogoplug updated with 4 USB ports, automatic media sync Briefly: Office 2008 for Mac discount, iMac repair guides Apple's App Store API screening flawed, says developer Dell slips out Studio 17 with touchscreen Barnes & Noble sold out of Nook reader until 2010 Gameloft sells 400X more iPhone games than Android Qualcomm demos FLO TV on iPhone AKVIS Sketch 10 update adds Snow Leopard support Apple updates Server Admin Tools, Boot Camp drivers Aqua Connect intros hosted Mac terminal services Briefly: Firefox 3.6 enters 3rd beta, new Eye-Fi features iPod touch with camera to appear in spring? Mac OS X 10.6.2 hacked to allow Atom processors Nokia to cut an extra 330 jobs in R&D Twitter turns on geolocation feature Ballmer: it "matters" that Apple has gained share Autodesk's Smoke 2010 to come to Macs Garmin's Custom Maps lets users overlay own data TomTom app update brings iPod touch support PS3 to support stereoscopic 3D T-Mobile looking to team up with other US carrier? OCZ delivers Colossus 3.5-inch SSDs YouTube blocking native video API from TV devices Apple adds new printer, scanner drivers for Snow Leopard Jobs: Forced name change 'not that big of a deal' Leaks 'confirm' DS, PSP sequels will outrun iPod Google phone real, due early 2010? Pegatron shows Ubuntu-based smartbook Hitachi offers 2TB SimpleTech external drive Acer Liquid A1 Android phone to reach UK in November ASUS best, HP worst for notebook reliability
macnn news
Text Size

Memo warns of new malicious iPhone hack

updated 09:55 am EST, Wed November 11, 2009

Again targets jailbroken devices

A new, more serious danger to jailbroken iPhones has emerged, says security firm Intego. The threat, currently labeled "iPhone/Privacy.A," is described as a hacking tool based on the same vulnerability used by the recent Ikee worm. Unlike Ikee however, Privacy.A is not meant as a warning but rather a malicious means of stealing data from an iPhone. Attackers can steal contacts, e-mail, text messages and anything else in an iPhone's storage.

Also unlike Ikee, there is no warning that the tool may be active. It is installed on a Mac, Windows, Unix or Linux computer, where it can then scan a network for jailbroken iPhones in order to invade them and run data transfers. Intego suggests that the tool has a unique public threat, as it could be installed on a retail computer in order to trap visiting shoppers; in a similar manner, a hacker could load the software on a notebook and wait for victims in an Internet cafe.

Some anti-virus programs may already be able to detect Privacy.A, but the option has little use, as it can only block the tool on a computer, not an iPhone. Intego argues that iPhone owners should not jailbreak their devices in the first place, as it significantly increases vulnerability to malware. Privacy.A can be defeated, however, simply by changing a handset's default root password.

By MacNN Staff

Article Tags :

E-Mail
Print
Comments (3)
digg
buzz up
slashdot
del.icio.us
tweet

Related Articles

Recent Articles

 
Previous Comments

ho hummmmm

11/11, 11:15am reply

duh, as long as you don't jailbreak your iphone, you'll be just fine...

joelcpa

Forum Regular

Joined: Oct 2002

+4

FUD

11/11, 11:29am reply

Gah, jailbroken iPhones are not necessarily vulnerable. All of the following conditions must be met for an iPhone to be vulnerable:
1) iPhone must be jailbroken,
2) User has chosen to install OpenSSH from one of the installer repositories,
3) User ignores the warning dialog they are presented when installing OpenSSH instructing them to change the root password, and
4) User must keep OpenSSH running while not in use.

OpenSSH is not installed by default on jailbroken iPhones, and so most jailbroken iPhones are not vulnerable. Even if you install OpenSSH, you can just leave it turned off when you're not using it (maybe using the handy SBSettings tool for quick access to the toggle), and you won't be at risk. If you do use OpenSSH, just change the default root password, and you're solid.

WiseWeasel

Fresh-Faced Recruit

Joined: Apr 1999

+5

Thank FUD

11/11, 11:31am reply

I was just about to clear that up. You should not install OpenSSH if your a noob!

jman

Fresh-Faced Recruit

Joined: Feb 2002

+5

Add Your Comment

Login Here

User Name
Password
 
Not a member of the MacNN forums? Register now for free.