This is a nice read. It explains the latest worm, named iBotnet.A, which is quite a bit more malicious than the Rickroll worm that made the news two weeks ago.
Note that both of these worms aren't really exploiting holes in the underlying code. They take advantage of the ignorance of the user. To elaborate, both take advantage of the fact that jailbreakers need to install SSH software onto the phone. Jailbreakers tend to forget that the default password is public and known to the world. The smart moves would be to: 1) change the password to something else; 2) remove the SSH server after jailbreaking the phone; 3) if you still need the SSH server, use SSH key authentication. These seem like no-brainers to me, but they are not apparent to most jailbreakers, since they usually don't have security in mind when installing this unauthorized firmware.
This worm is a bit humorous, also:
After it finds a vulnerable phone, iBotnet.A changes the root password to "ohshit"
Now that's funny!
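For the third recommendation above (keep the SSH server but use key authentication), here is a small check of an `sshd_config` for root password logins. It is an added example, not code from the original post or from any tool it mentions. The sample configs are constructed, and treating unset keywords as "yes" is an assumption (it is OpenSSH's default for `PasswordAuthentication` and was the `PermitRootLogin` default on older releases).

```python
# Added example: audit sshd_config text for password-based root login.
# Assumption: a keyword that is not set counts as "yes" (see the lead-in).
ASSUMED_DEFAULTS = {"passwordauthentication": "yes", "permitrootlogin": "yes"}

WEAK_CONFIG = """# constructed sample: everything left at defaults
#PasswordAuthentication yes
#PermitRootLogin yes
"""

HARDENED_CONFIG = """# constructed sample: keys only
PermitRootLogin prohibit-password
PasswordAuthentication no
PubkeyAuthentication yes
PasswordAuthentication yes
"""  # the last line is ignored: sshd keeps the first value per keyword

def effective_settings(config_text):
    """Return global keyword -> value, keeping the first value seen."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        if not parts:
            continue
        keyword = parts[0].lower()
        if keyword == "match":
            break  # later lines are conditional overrides, not global settings
        if len(parts) > 1:
            settings.setdefault(keyword, parts[1].lower())
    return settings

def audit(config_text):
    """List the settings that still allow a password login as root."""
    s = {**ASSUMED_DEFAULTS, **effective_settings(config_text)}
    findings = []
    if s["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication is on: set it to 'no' and use keys")
    if s["permitrootlogin"] == "yes":
        findings.append("PermitRootLogin is 'yes': use 'prohibit-password' or 'no'")
    return findings

def root_password_login_possible(config_text):
    # Both settings must allow it; keyboard-interactive (PAM) is not checked.
    return len(audit(config_text)) == 2
```

An empty list from `audit()` means neither setting permits a password login as root; the default password should still be changed, since local tools such as `su` use it too.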