Feeds

iPhone worms can create mobile botnets

Paranoid, and not just about Android

7 Elements of Radically Simple OS Migration

A detailed analysis of the most malign in a recent spate of iPhone worms points to future mobile botnet risks.

The IKee-B (Duh) iPhone worm, released in late November, exploited default root passwords on jailbroken iPhones to turn the smartphones into botnet clients under the control of a server based in Lithuania. The worm affected iPhone users in The Netherlands, and specifically targeted customers of Dutch online bank ING Direct.

Security researchers at SRI International - noted for top notch work in dissecting the Conficker botnet - published an analysis of the iPhone botnet on Monday that warns users of Apple's device and similar smartphones to expect more of the same in future. Warnings about mobile malware have been circulating for years. But it's only since the advent of iPhones and other smartphones, allowing decent internet access with what's essentially a mini-computer, that such risks have become tangible, rather than the stuff of anti-virus vendor PowerPoint slides, SRI warns.

Unlike the previous generation of cell phones that were at their worst susceptible to local Bluetooth hijacking, modern Internet-tethered cellphones are today susceptible to being probed, fingerprinted, and surreptitiously exploited by hackers from anywhere on the internet.

Although the iKee.B botnet discussed here admittedly offers a rather limited growth potential, iKee.B nevertheless provides an interesting proof of concept that much of the functionality we have grown to expect from PC-based botnets can be easily migrated into a lightweight smartphone application. iKee.B demonstrates that a victim holding an iPhone in Australia can be hacked from another iPhone located in Hungary, and forced to exfiltrate its user's private data to a Lithuania C&C server, which may then upload new instructions to steal financial data from the Australian user's online bank account. While it is unclear just how well prepared smartphone users are to this new reality, it is clear that malware developers are preparing for this new reality right now.

SRI's researchers conclude that although the Ikee-B worm is simpler than its PC relatives, it comes with the potential to evolve in something even nastier.

The iKee bot is one of the latest offerings in smartphone malware, in this case targeting jailbroken iPhones. While its implementation is simple in comparison to the latest generation of PC-based malware, its implications demonstrate the potential extension of crimeware to this valuable new frontier of handheld consumer devices.

The analysis, based on reverse engineering of the malicious code, by SRI's researchers can be found here. ®

Build a business case: developing custom apps

More from The Register

next story
Nice computers don’t need to go to the toilet, says Barclays
Bad computers might ask if you are Sarah Connor
4K video on terrestrial TV? Not if the WRC shares frequencies to mobiles
Have your say with Ofcom now, before Freeview becomes Feeview
PEAK LANDFILL: Why tablet gloom is good news for Windows users
Sinofsky's hybrid strategy looks dafter than ever
YES, iPhones ARE getting slower with each new release of iOS
Old hardware doesn't get any faster with new software
You didn't get the MeMO? Asus Pad 7 Android tab is ... not bad
Really, er, stands out among cheapie 7-inchers
Apple winks at parents: C'mon, get your kid a tweaked Macbook Pro
Cheapest models given new processors, more RAM
VMware builds product executables on 50 Mac Minis
And goes to the Genius Bar for support
Leaked Windows Phone 8.1 Update specs tease details of Nokia's next mobes
New screen sizes, dual SIMs, voice over LTE, and more
Microsoft stands on shore as tablet-laden boat sails away
Brit buyers still not falling for Windows' charms
prev story

Whitepapers

7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?