toggle

AAPL Stock: 562.29 ( -3.03 )

Memo warns of new malicious iPhone hack

updated 09:55 am EST, Wed November 11, 2009

Again targets jailbroken devices


A new, more serious danger to jailbroken iPhones has emerged, says security firm Intego. The threat, currently labeled "iPhone/Privacy.A," is described as a hacking tool based on the same vulnerability used by the recent Ikee worm. Unlike Ikee however, Privacy.A is not meant as a warning but rather a malicious means of stealing data from an iPhone. Attackers can steal contacts, e-mail, text messages and anything else in an iPhone's storage.

Also unlike Ikee, there is no warning that the tool may be active. It is installed on a Mac, Windows, Unix or Linux computer, where it can then scan a network for jailbroken iPhones in order to invade them and run data transfers. Intego suggests that the tool has a unique public threat, as it could be installed on a retail computer in order to trap visiting shoppers; in a similar manner, a hacker could load the software on a notebook and wait for victims in an Internet cafe.

Some anti-virus programs may already be able to detect Privacy.A, but the option has little use, as it can only block the tool on a computer, not an iPhone. Intego argues that iPhone owners should not jailbreak their devices in the first place, as it significantly increases vulnerability to malware. Privacy.A can be defeated, however, simply by changing a handset's default root password.


by MacNN Staff

print
email
(3)

TAGS :

 iPhone, security, hacks

Related Articles

Recent Articles

toggle

Comments

  1. joelcpa

    Forum Regular

    Joined: Oct 2002

    +4
    11/11, 11:15am | report spam | Reply |

    ho hummmmm

    duh, as long as you don't jailbreak your iphone, you'll be just fine...

  1. WiseWeasel

    Fresh-Faced Recruit

    Joined: Apr 1999

    +5
    11/11, 11:29am | report spam | Reply |

    FUD

    Gah, jailbroken iPhones are not necessarily vulnerable. All of the following conditions must be met for an iPhone to be vulnerable:
    1) iPhone must be jailbroken,
    2) User has chosen to install OpenSSH from one of the installer repositories,
    3) User ignores the warning dialog they are presented when installing OpenSSH instructing them to change the root password, and
    4) User must keep OpenSSH running while not in use.

    OpenSSH is not installed by default on jailbroken iPhones, and so most jailbroken iPhones are not vulnerable. Even if you install OpenSSH, you can just leave it turned off when you're not using it (maybe using the handy SBSettings tool for quick access to the toggle), and you won't be at risk. If you do use OpenSSH, just change the default root password, and you're solid.

  1. jman

    Fresh-Faced Recruit

    Joined: Feb 2002

    +5
    11/11, 11:31am | report spam | Reply |

    Thank FUD

    I was just about to clear that up. You should not install OpenSSH if your a noob!

Login Here

Not a member of the MacNN forums? Register now for free.

 
close
Photo
toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

iHome iW2 AirPlay speaker

iHome generally isn't known as a luxury brand when it comes to audio, but it is prolific -- the company's docks and speakers are every ...

Logitech Ultrathin Keyboard Cover

One of the iPad's main weaknesses has always been productivity. It's not a question of apps; while it has taken a little time for a na ...

Logitech UE Air Speaker

If maybe a little more slowly than Apple would like, AirPlay is becoming a staple of the wireless speaker market for iOS devices. The ...

toggle

Most Commented

 

Popular News