Over the weekend there were reports of the "Rickrolling" worm that targeted jailbroken iPhones which had SSH installed and still used the default password. While definitely a security hole for those who enabled these features, the threat was more of a prank and "proof-of-concept" than anything truly malicious. Yesterday, however, antivirus and security software developer Intego released information on another worm that has been built to steal information from these iPhone users.
The article by Intego says that the new worm, dubbed "iPhone/Privacy.A", takes advantage of the same vulnerability as the Rickrolling worm, and that once installed it will copy virtually any data it wants off the phone; however, unlike the Rickrolling worm, this new variant does not give any indication that the phone has been infected.
Given that the Rickrolling worm paved the way to this vulnerability, it was only a matter of time before someone with truly malicious intent applied the technique to their malware, and not surprisingly it only took days.
With this new malware, it is apparently very easy to infect phones whose security has been compromised, and the target audience is fairly large (Intego estimates up to 8% of iPhones have been jailbroken). All a hacker has to do is set the malware up on a PC in a public arena and it will then establish connections with compromised iPhones in the vicinity.
This variant of the Rickrolling worm suggests one thing: Do not jailbreak your iPhone, especially if you are not aware of the risks since other vulnerabilities besides this current one may still be out there. If you suspect your phone has been infected, reset it to factory settings and start over. For those who still wish to jailbreak their phones, you can help protect yourself by changing the root password. To do this, follow the steps outlined by David Martin over at.
Keep in mind that if you do not have a jailbroken iPhone, then you're not at risk for this malware; but if you do and you have SSH enabled then be cautioned that there is no indication that this new malware is on your phone.