AAPL Stock: 112.12 ( + 2.62 )

Printed from

Memo warns of new malicious iPhone hack

updated 09:55 am EST, Wed November 11, 2009

Again targets jailbroken devices

A new, more serious danger to jailbroken iPhones has emerged, says security firm Intego. The threat, currently labeled "iPhone/Privacy.A," is described as a hacking tool based on the same vulnerability used by the recent Ikee worm. Unlike Ikee however, Privacy.A is not meant as a warning but rather a malicious means of stealing data from an iPhone. Attackers can steal contacts, e-mail, text messages and anything else in an iPhone's storage.

Also unlike Ikee, there is no warning that the tool may be active. It is installed on a Mac, Windows, Unix or Linux computer, where it can then scan a network for jailbroken iPhones in order to invade them and run data transfers. Intego suggests that the tool has a unique public threat, as it could be installed on a retail computer in order to trap visiting shoppers; in a similar manner, a hacker could load the software on a notebook and wait for victims in an Internet cafe.

Some anti-virus programs may already be able to detect Privacy.A, but the option has little use, as it can only block the tool on a computer, not an iPhone. Intego argues that iPhone owners should not jailbreak their devices in the first place, as it significantly increases vulnerability to malware. Privacy.A can be defeated, however, simply by changing a handset's default root password.

by MacNN Staff




  1. joelcpa

    Joined: Dec 1969


    ho hummmmm

    duh, as long as you don't jailbreak your iphone, you'll be just fine...

  1. WiseWeasel

    Joined: Dec 1969



    Gah, jailbroken iPhones are not necessarily vulnerable. All of the following conditions must be met for an iPhone to be vulnerable:
    1) iPhone must be jailbroken,
    2) User has chosen to install OpenSSH from one of the installer repositories,
    3) User ignores the warning dialog they are presented when installing OpenSSH instructing them to change the root password, and
    4) User must keep OpenSSH running while not in use.

    OpenSSH is not installed by default on jailbroken iPhones, and so most jailbroken iPhones are not vulnerable. Even if you install OpenSSH, you can just leave it turned off when you're not using it (maybe using the handy SBSettings tool for quick access to the toggle), and you won't be at risk. If you do use OpenSSH, just change the default root password, and you're solid.

  1. jman

    Joined: Dec 1969


    Thank FUD

    I was just about to clear that up. You should not install OpenSSH if your a noob!

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines

Follow us on Facebook


Most Popular


Recent Reviews

Polk Hinge Wireless headphones

Polk, a company well-established in the audio market, recently released a new set of headphones aimed at the lifestyle market. The Hin ...

Blue Yeti Studio

Despite being very familiar with Blue Microphones' lower-end products -- we've long recommended the company's Snowball line of mics ...

ZTE Spro 2 Smart Projector

Home theaters are becoming more and more accessible these days, but maybe you've been a bit wary about buying a home projector. And h ...


Most Commented