Modified iPhones Are Compromised By New Worm

Nov 25, 2009 by John Messina weblog

(PhysOrg.com) -- Several research security firms have reported a new worm attack against jail broken iPhones, dubbed "Ikee.B or "Duh", this worm searches for personal and banking information.

The worm spreads by using the default password for applications that can be installed on jail broken . Once the iPhone is infected, the worm grabs text messages and searches for banking authorization codes used for at least one bank. The codes are then sent to a central server located in Lithuania.

With cybercriminals becoming savvier, it's only a matter of time before they find ways to infect iPhones that are not jail broken as well as other smartphone devices. Some researchers confirm that worm attacks against are evolving and it's becoming more common for cybercriminals to target personal and financial information stored on portable devices.

Researchers have confirmed that even Bluetooth connections between portable devices can be compromised with malicious code. A Bluetooth outbreak can be easily carried out in shopping malls, airports, or libraries, anywhere a cybercriminal may find potential victims.

The new worm easily infects jail broken iPhones by a weakness introduced into an application called OpenSSH. The application uses the default password 'alpine' that the worm uses to connect to the iPhone remotely. Since there is no shell code and no buffer overflow compromising the iPhone, writing code is fairly simple.

The attacks that have target iPhones this past month, focused on jail broken phones only. In the process of jail breaking a phone, the code that prevents users from loading any application they want is removed, thereby also removing most of the security that prevents from running on the smartphone.

With the evolution of hacking into portable devices growing, it's only a matter of time before phones employing Google's , and everything else will be compromised in one way or another.

More information: iPhone worm Rickrolls Australia

© 2009 PhysOrg.com

Explore further: Five features an Amazon phone might offer (Update)

add to favorites email to friend print save as pdf

Related Stories

iPhone worm Rickrolls Australia

Nov 10, 2009

(PhysOrg.com) -- iPhone users in Australia have been hit during the last few days with a worm called "ikee". The worm replaces the default wallpaper with a difficult to remove picture of British singer Rick ...

The malware attack against mobile phones is mounting

Dec 23, 2004

The security challenges in the mobile environment are similar to the problems we have encountered in the PC world. Open platforms are becoming popular in smartphones, for example the Symbian operating system is used in more ...

Wikipedia launches iPhone application

Aug 20, 2009

Wikipedia said it has released an iPhone application as part of a drive to open the pages of its revered online encyclopedia to the booming ranks of smart phone users.

Skype comes to iPhones on Tuesday

Mar 30, 2009

Skype has confirmed that a free software application enabling iPhone owners to use its Internet telephone service will be available in Apple's online App Store beginning Tuesday.

Recommended for you

Five features an Amazon phone might offer (Update)

10 hours ago

A report this week in The Wall Street Journal that Amazon is planning to release a smartphone has prompted industry analysts and technology blogs to muse about what the device might offer.

Sony's PlayStation 4 sales top seven million

Apr 17, 2014

Sony says it has sold seven million PlayStation 4 worldwide since its launch last year and admitted it can't make them fast enough, in a welcome change of fortune for the Japanese consumer electronics giant.

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

Inco
5 / 5 (1) Nov 25, 2009
Its hardly OpenSSH that have a weakness. Looks more like installation bundle takes a few shortcuts.
Regarding Android, yes it is likely it will get worms/viruses in the future though not the same quantity of them.
The reasons for rooting an Android phone is quite small. And applications don't run with full privileges. For iPhone, metasploit.com have for a long time pointed out weaknesses in the security model of the phone. Its security by only allowing Apple to install programs, and just hope those programs don't have flaws.

More news stories

LinkedIn membership hits 300 million

The career-focused social network LinkedIn announced Friday it has 300 million members, with more than half the total outside the United States.

Researchers uncover likely creator of Bitcoin

The primary author of the celebrated Bitcoin paper, and therefore probable creator of Bitcoin, is most likely Nick Szabo, a blogger and former George Washington University law professor, according to students ...

Impact glass stores biodata for millions of years

(Phys.org) —Bits of plant life encapsulated in molten glass by asteroid and comet impacts millions of years ago give geologists information about climate and life forms on the ancient Earth. Scientists ...