toggle

AAPL Stock: 113.99 ( + 1.98 )

Printed from http://www.macnn.com

Memo warns of new malicious iPhone hack

updated 09:55 am EST, Wed November 11, 2009

Again targets jailbroken devices

A new, more serious danger to jailbroken iPhones has emerged, says security firm Intego. The threat, currently labeled "iPhone/Privacy.A," is described as a hacking tool based on the same vulnerability used by the recent Ikee worm. Unlike Ikee however, Privacy.A is not meant as a warning but rather a malicious means of stealing data from an iPhone. Attackers can steal contacts, e-mail, text messages and anything else in an iPhone's storage.

Also unlike Ikee, there is no warning that the tool may be active. It is installed on a Mac, Windows, Unix or Linux computer, where it can then scan a network for jailbroken iPhones in order to invade them and run data transfers. Intego suggests that the tool has a unique public threat, as it could be installed on a retail computer in order to trap visiting shoppers; in a similar manner, a hacker could load the software on a notebook and wait for victims in an Internet cafe.

Some anti-virus programs may already be able to detect Privacy.A, but the option has little use, as it can only block the tool on a computer, not an iPhone. Intego argues that iPhone owners should not jailbreak their devices in the first place, as it significantly increases vulnerability to malware. Privacy.A can be defeated, however, simply by changing a handset's default root password.




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

  1. joelcpa

    Joined: Dec 1969

    +4

    ho hummmmm

    duh, as long as you don't jailbreak your iphone, you'll be just fine...

  1. WiseWeasel

    Joined: Dec 1969

    +5

    FUD

    Gah, jailbroken iPhones are not necessarily vulnerable. All of the following conditions must be met for an iPhone to be vulnerable:
    1) iPhone must be jailbroken,
    2) User has chosen to install OpenSSH from one of the installer repositories,
    3) User ignores the warning dialog they are presented when installing OpenSSH instructing them to change the root password, and
    4) User must keep OpenSSH running while not in use.

    OpenSSH is not installed by default on jailbroken iPhones, and so most jailbroken iPhones are not vulnerable. Even if you install OpenSSH, you can just leave it turned off when you're not using it (maybe using the handy SBSettings tool for quick access to the toggle), and you won't be at risk. If you do use OpenSSH, just change the default root password, and you're solid.

  1. jman

    Joined: Dec 1969

    +5

    Thank FUD

    I was just about to clear that up. You should not install OpenSSH if your a noob!

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

DoxieGo Portable Scanner

Sometimes, people need to scan things, but having a computer at hand to do so isn't exactly feasible. Maybe it's the home of a relat ...

Dell AD211 Bluetooth speaker

For all of the high-priced, over-engineered Bluetooth speakers in the electronics market, there is still room for mass-market solution ...

VisionTek 128GB USB Pocket SSD

USB flash drives dealt the death blow to both the floppy and Zip drives. While still faster than either of the old removable media, sp ...

toggle

Most Commented