Jailbreakers beware: iPhone malware evolves rapidly

Antivirus and security developer Intego released information on another worm that has been built to steal information from jailbroken iPhone users.

Topher Kessler MacFixIt Editor

Topher, an avid Mac user for the past 15 years, has been a contributing author to MacFixIt since the spring of 2008. One of his passions is troubleshooting Mac problems and making the best use of Macs and Apple hardware at home and in the workplace.

See full bio

Topher Kessler

Nov. 11, 2009 9:06 a.m. PT

2 min read

Over the weekend there were reports of the "Rickrolling" worm that targeted jailbroken iPhones which had SSH installed and still used the default password. While definitely a security hole for those who enabled these features, the threat was more of a prank and "proof-of-concept" than anything truly malicious. Yesterday, however, antivirus and security software developer Intego released information on another worm that has been built to steal information from these iPhone users.

The article by Intego mentions the new worm, dubbed "iPhone/Privacy.A", takes advantage of the same vulnerability as the Rickrolling worm, and once installed it will copy virtually any data off the phone that it wants; however, unlike the Rickrolling worm, this new variant does not give any indication that the phone has been infected.

Given that the Rickrolling worm paved the way to this vulnerability, it was only a matter of time before someone with truly malicious intent applied the technique to their malware, and not surprisingly it only took days.

With this new malware, It is apparently very easy to infect phones who's security has been compromised, and the target audience is fairly large (Intego estimates up to 8% of iPhones have been jailbroken). All a hacker has to do is set the malware up on a PC in a public arena and it will then establish connections with compromised iPhones in the vicinity.

This variant of the Rickrolling worm suggests one thing: Do not jailbreak your iPhone, especially if you are not aware of the risks since other vulnerabilities besides this current one may still be out there. If you suspect your phone has been infected, reset it to factory settings and start over. For those who still wish to jailbreak their phones, you can help protect yourself by changing the root password. To do this, follow the steps outlined by David Martin over at CNET's iPhoneAtlas.

Keep in mind that if you do not have a jailbroken iPhone, then you're not at risk for this malware; but if you do and you have SSH enabled then be cautioned that there is no indication that this new malware is on your phone.

Questions? Comments? Post them below or email us!
Be sure to check us out on Twitter and the CNET Mac forums.

Computing Guides

Laptops

Desktops & Monitors

Computer Accessories

Photography

Tablets & E-Readers

3D Printers

Computing Coupons