Feeds

First malicious iPhone worm slithers into wild

Jailbreakers under assault

Securing Web Applications Made Simple and Scalable

A Dutch internet service provider has identified a worm that installs a backdoor on jailbroken iPhones and makes them part of a botnet.

The worm, according to XS4ALL, targets jailbroken iPhones whose owners have carelessly failed to change the default password. In addition to connecting to a Lithuanian master command channel, it also changes the root password for the device, making it harder for owners trying to regain control. Infected iPhones are also tagged with a unique ID number.

"A number of customers with jailbroken phones have been found running unknown software on their phones which is trying to compromise other iPhone users at other telecommunications providers," the XS4ALL advisory stated. "XS4ALL strongly advises caution against jailbreaking if you are not fully aware of the potential risks to your privacy and security."

The worm has the ability to pillage SMS databases, and an analysis by Security.nl (English translation here) has identified a script that looks for mobile transaction authentication numbers used by some banks to perform two-factor authentication with SMS-based systems. (Sophos also has analysis here.)

The worm tries to propagate by scanning a variety of IP ranges, including those used by carriers T-Mobile, UPC in the Netherlands, and Optus in Australia. The worm is especially active when it has access to wi-fi networks. One tip-off that a device has been infected is that battery life is extremely short when connected to 802.11 networks because the worm generates so many connections. The worm is not widespread, F-Secure said Sunday.

The attacks come two weeks after a separate piece of self-replicating code caused iPhones mostly located in Australia to display images of Rick Astley, the schmaltzy 1980s pop singer. The most recent outbreak appears to be the first instance of malicious iPhone malware spreading in the wild.

The worms are able to spread only on iPhones that have been jailbroken, have an SSH-enabled application installed and continue to use the default root password. Once they are identified on a network, the malware is able to connect using the password and install itself. One would think people who are smart and energetic enough to jailbreak a smartphone would know about the perils of SSH and default root passwords, but the success of these worms suggests otherwise.

According to F-Secure Chief Research Officer Mikko Hypponen, the command and control channel used by the worm is 92.61.38.16. Admins who find this IP address being accessed have good reason to believe they may have a problem. Infected iPhones should be reset to the factory firmware using Apple's iTunes.

Of course, iPhones that are reset will no longer be jailbroken, but that's certainly a better alternative than being part of a botnet. ®

The smart choice: opportunity from uncertainty

More from The Register

next story
BMW's ConnectedDrive falls over, bosses blame upgrade snafu
Traffic flows up 20% as motorway middle lanes miraculously unclog
Putin: Crack Tor for me and I'll make you a MILLIONAIRE
Russian Interior Ministry offers big pile o' roubles for busting pro-privacy browser
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.