The ikee Worm that we talked about on Monday was harmless aside from a classic Rickrolling example. A new attack aimed at jailbroken iPhones is not: it allows the attacker to do everything Ash’s ikee Worm didn’t do, and it seeks out SSH access on iPhones that are using the default root/alpine credentials.
Jailbroken iPhones hit by Malware seeking out default SSH access Image: Apple.
When we covered the ikee Worm reports during our interview with its author Ash, the one theme that stood out was that when you use technology to do anything, you should be aware of all the risks that come with it. In the case of the ikee Worm, the risk is installing and enabling SSH access but leaving the default password in place.
Ash made a point to do no harm when he launched ikee, but he warned that someone who was malicious could do what he did, and cause all kinds of trouble for end users.
“I use the jailbreak applications myself and love them for what they have done dearly…users should really try to comprehend the risks of installing a service like SSH onto their phones,” Ash said during his interview with The Tech Herald.
“This time it wasn't malicious, but who knows what next time could bring? Lots of people put all of their trust in these devices. They store all of their personal information on them with applications, contacts, emails and more. If you jailbreak your device, just make sure you completely understand what you are doing.”
Now, according to security vendor Intego, someone has done exactly what Ash predicted. A new attack is hitting jailbroken iPhones, and the Malware responsible has the ability to siphon off all sorts of information, such as Email contacts, SMS messages, photos, calendar information, music, videos, and all of the information ever recorded by the various applications installed on the victimized iPhone.
“Unlike the ikee worm, which signals its presence by changing the iPhone’s wallpaper, this hacker tool gives no indication that it has invaded an iPhone. Hackers using this tool will install it on a computer – Mac, PC, Unix or Linux – then let it work,” Intego said.
The Malware will scan the network that it has access to, hunting down jailbroken iPhones or iPod Touch devices with SSH enabled. Using the default access of root/alpine, it connects to the devices and downloads everything it can, silently. Like the ikee Worm, this new Malware is only targeting jailbroken iPhones and iPod Touch devices. If you are an iPhone or iPod Touch user who has never attempted to jailbreak your hardware, your data and device are safe.
“This hacker tool could easily be installed, for example, on a computer on display in a retail store, which could then scan all iPhones that pass within the reach of its network. Or, a hacker could sit in an Internet café and let his computer scan all iPhones that come within the range of the Wi-Fi network in search of data. Hackers could even install this tool on their own iPhones, and use it to scan for jailbroken phones as they go about their daily business,” Intego explained, listing possible attack vectors.
“We would like to stress that users who jailbreak their iPhones are exposing themselves to known vulnerabilities that are being exploited by code that is circulating in the wild. While the number of iPhones attacked may be minimal, the amount of personal data that can be compromised strongly suggests that iPhone users should stick with their stock configuration and not jailbreak their devices.”
The lesson here is simple. Play with fire, and you'll get burned. While there are solid reasons to jailbreak the Apple devices, once you do, you void any warranty and lose any help you would expect from a carrier or Apple.
In addition, as mentioned by Intego and Ash, there is more to jailbreaking than following instructions to open the device. Once the jailbreaking process is complete, you should treat the Apple device as you would any asset on a network, and lock it down by removing alpine as the password.
While Intego sells Malware protection that will detect this new threat to Apple devices, the entire problem can be stopped by a simple password change, something that takes seconds, and costs nothing.
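To confirm that the password change described above actually took, the following added example (not from the article or from Intego) audits a BSD-style password file for accounts that still carry the factory hash. The file location `/etc/master.passwd`, the hash value (the widely published DES-crypt hash of the default alpine password) and the function names are assumptions of this example; the sample data is constructed.

```shell
#!/bin/sh
# Added example: flag accounts that still use the factory-default password.
# Assumption: this is the widely published DES-crypt hash of "alpine".
DEFAULT_HASH='/smx7MYTQIi2M'

# Constructed sample in master.passwd format (user:hash:uid:gid:...).
# root still has the default hash; mobile has already been changed.
sample_master_passwd() {
    cat <<'EOF'
# constructed sample, not taken from a real device
nobody:*:-2:-2::0:0:Unprivileged User:/var/empty:/usr/bin/false
root:/smx7MYTQIi2M:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:CONSTRUCTEDhash1:501:501::0:0:Mobile User:/var/mobile:/bin/sh
EOF
}

# Print one line per account whose hash equals DEFAULT_HASH.
# Returns 0 when no account uses the default, 1 when at least one does.
audit_default_passwords() {
    file=$1
    found=0
    # "|| [ -n "$user" ]" keeps a final line that lacks a trailing newline.
    while IFS=: read -r user hash _rest || [ -n "$user" ]; do
        case $user in
            ''|'#'*) continue ;;   # skip blank lines and comments
        esac
        if [ "$hash" = "$DEFAULT_HASH" ]; then
            echo "DEFAULT PASSWORD: $user (run: passwd $user)"
            found=1
        fi
    done < "$file"
    return "$found"
}

# When called with a readable file (assumed: /etc/master.passwd on the
# device, read as root), audit it; with no argument nothing is run.
if [ -r "${1:-}" ]; then
    audit_default_passwords "$1"
fi
```

Each flagged account needs its own `passwd` run; changing root alone leaves any other account with the default hash still reachable over SSH.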