toggle

AAPL Stock: 433.26 ( 0 )

http://www.macnn.com/articles/09/11/11/again.targets.jailbroken.devices/

Memo warns of new malicious iPhone hack

updated 09:55 am EST, Wed November 11, 2009

 

Again targets jailbroken devices


A new, more serious danger to jailbroken iPhones has emerged, says security firm Intego. The threat, currently labeled "iPhone/Privacy.A," is described as a hacking tool based on the same vulnerability used by the recent Ikee worm. Unlike Ikee however, Privacy.A is not meant as a warning but rather a malicious means of stealing data from an iPhone. Attackers can steal contacts, e-mail, text messages and anything else in an iPhone's storage.

Also unlike Ikee, there is no warning that the tool may be active. It is installed on a Mac, Windows, Unix or Linux computer, where it can then scan a network for jailbroken iPhones in order to invade them and run data transfers. Intego suggests that the tool has a unique public threat, as it could be installed on a retail computer in order to trap visiting shoppers; in a similar manner, a hacker could load the software on a notebook and wait for victims in an Internet cafe.

Some anti-virus programs may already be able to detect Privacy.A, but the option has little use, as it can only block the tool on a computer, not an iPhone. Intego argues that iPhone owners should not jailbreak their devices in the first place, as it significantly increases vulnerability to malware. Privacy.A can be defeated, however, simply by changing a handset's default root password.


by MacNN Staff

Post tools:

TAGS :

 iPhone, security, hacks

Related Articles

Recent Articles

toggle

Comments

  1. joelcpa

    Forum Regular

    Joined: Oct 2002

    +4
    11/11, 11:15am | report spam | Reply |

    ho hummmmm

    duh, as long as you don't jailbreak your iphone, you'll be just fine...

  1. WiseWeasel

    Junior Member

    Joined: Apr 1999

    +5
    11/11, 11:29am | report spam | Reply |

    FUD

    Gah, jailbroken iPhones are not necessarily vulnerable. All of the following conditions must be met for an iPhone to be vulnerable:
    1) iPhone must be jailbroken,
    2) User has chosen to install OpenSSH from one of the installer repositories,
    3) User ignores the warning dialog they are presented when installing OpenSSH instructing them to change the root password, and
    4) User must keep OpenSSH running while not in use.

    OpenSSH is not installed by default on jailbroken iPhones, and so most jailbroken iPhones are not vulnerable. Even if you install OpenSSH, you can just leave it turned off when you're not using it (maybe using the handy SBSettings tool for quick access to the toggle), and you won't be at risk. If you do use OpenSSH, just change the default root password, and you're solid.

  1. jman

    Fresh-Faced Recruit

    Joined: Feb 2002

    +5
    11/11, 11:31am | report spam | Reply |

    Thank FUD

    I was just about to clear that up. You should not install OpenSSH if your a noob!

Login Here

Not a member of the MacNN forums? Register now for free.

 
close
Photo
toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

MaxUpgrades MaxConnect for 2006-2008 Mac Pro

Nobody outside of Cupertino's privileged bunch knows the future of the Mac Pro line for sure. Despite Apple's reluctance to tell us wh ...

Brother HL-3170CDW LED Printer

We've mentioned before that we are far from a paperless society. For now, at least, there are tasks that require a piece of paper for ...

HTC One

It is hard to overstate just how critically important the HTC One is to the Taiwanese company’s fortunes. Despite its alarming decline ...

toggle

Most Commented

 

Popular News