iPhone ‘worms’ haven’t been much of a threat till now. However, things have changed with a new malware, discovered by Mac security firm Intego. Identified as iPhone/Privacy.A, it is a major threat for the privacy of many jailbroken iPhone users who have installed and activated SSH. Note: Non-jailbroken phones are not affected by it.
This malware acts through the SSH just like the others. It infects through client software installed on an attacking Mac, PC or even iPhone, which scans for jailbroken iPhones nearby. If they are vulnerable, they are then injected with the malware using the default filesystem password.
Previous exploits like iKee just changed the lockscreen background but after injection, this new malware copies private data, such as contacts, e-mail, contacts, SMSs, calendars, photos, music files, videos, which it then sends back to the source machine. It is even possible to send it as a malware to a Mac or PC which will then scan and copy the information from nearby jailbroken iPhones or iPod Touch and then send back to the source.
Even though it is not widespread yet, the amount of information it steals is a great deal. Intego currently recommends it’s own solution, Virus Barrier X5, which detects and removes this malware from a Mac but as far as other platforms are concerned, there’s currently no solution. This means that there is a high chance you can be affected as well. Therefore, we recommend you to take a simple precautionary step by changing the filesystem password on your jailbroken iPhones with SSH installed or turning SSH off when not in use with the help of SBSettings available in Cydia.
You can also have a look at our guide on how to change the filesystem password.
