Worm Prompts Jailbroken iPhones To Grab Your Banking Data
10:49 am, November 23rd, 2009, Ed Sutherland
The phrase “putting a genie into the bottle” comes to mind as reports surfaced Monday of a malicious offspring of a prank aimed at owners of unsecure jailbroken iPhones. Dubbed the “Duh” worm, the latest security threat targets the financial data of customers using online bank ING Direct.
The worm redirects ING Direct users to a phishing site. Those phones also come under the control of a botnet in Lithuania, reports said. The attack searches for iPhones that use the default secure shell (SSH) root password of “alpine.” The jailbreaking process often requires a person to install SSH, but many fail to change the default – opening the door wide for malicious hacks.
The worm currently focuses on jailbroken iPhones in the Netherlands, but the threat also touches on Portugal, Australia, Austria and Hungary, according to reports. The “Duh” iPhone worm infects jailbroken iPhones that use the same Wi-Fi hotspot, security researchers said.
Earlier this month, the 21-year-old Australian hacker who released the initial innocuous iPhone worm came forward, describing it as “an experiment that got out of hand.” Ashley Towns said he created the worm after reading a blog urging iPhone owners to change passwords. He worm changes the wallpaper of unsecure jailbroken iPhones to that of ’80s rocker Rick Astley. Towns said he didn’t “think about legal consequences at the time. I honestly never expected it to go this far.” Towns reported receiving death threats and job offers as a result of his worm. Unlike Towns’ worm, which the hacker thought might infect 10 or 15 people, the latest version could touch the lives of thousands who own jailbroken iPhones, security researchers said.
Security researcher urge owners of jailbroken phones to change their SSH password if they are still using the default code.
Days after Towns released his “rickrolling” iPhone worm, another hacker introduced another iPhone using the same SSH door but with more malicious intent. The new malware, dubbed iPhone/Privacy.A by Mac security firm Intego steals your contacts, e-mail and other files.
[Via BBC, The Register, AppleInsider]
Posted by Ed Sutherland in News | Comment on this article
If you enjoyed this article:
Subscribe via RSS or email, or follow us on Facebook and Twitter
Ah, Google-phone… the same future awaits you.
Onslaught, on November 23rd, 2009 at 11:43 am
Ahh, the joys of openness and freedom from the iron grip of Apple!
D. Smith, on November 23rd, 2009 at 11:55 am
“Ahh, the joys of openness and freedom from the iron grip of Apple!”
Some of us prefer to live life without a Nanny. Indeed, from what I’ve seen, most adults have such a preference.
Tell me: Do you install third-party software on your Mac? How can you stand the (illusory?) joys of openness and freedom in such an activity?
Is your Mac different from your iPhone? Would you prefer to lose the ability to install your chosen software on your Mac too?
I don’t understand adults who eagerly give up freedoms.
iGenius, on November 23rd, 2009 at 12:46 pm
Such melodramatic language. Nanny? And last time I checked, there was nothing in the U.S. Constitution about a right to unfettered access to iPhone apps on non-jailbreak phones. We’re talking about a phone here, people, not involuntary servitude. Get a grip. Yes, a Mac is different from an iPhone but I’m free to choose what software I install on either. If I want the freedom to install any app, then I must sacrifice the value added by Apple’s testing. One of the many small choices to be made in life: adults learn that having everything that they want is usually not an option.
What whiners can’t grasp is that Apple’s testing of iPhone software is a BUSINESS decision to reduce the possibility that their product will become associated with unsavory or malicious apps. Everyone who uses a PC, for example, understands that porn can be pulled up on a PC regardless of the maker, or on a Mac. But if a porn app is associated with the iPhone (and briefly there was one), a device like no other until recently, naive consumers could associate the two. What business person (as opposed to bloggers, pundits, and ideologues) is willing to run that risk, no matter how small, for the sake of an ideology that has at least one spectacular failure (see Windows)?
D. Smith, on November 23rd, 2009 at 3:54 pm
@iGenius
Sure, go enjoy your virus / worms. Most people won’t even care.
Roughlydrafted magazine has articles on why the freetard way has been failing and will continue to fail.
Duh of course a computer is different than the mobile phone. Are the battery size, available RAM, CPU speed the same? Jeez.
Obama Pacman, on November 23rd, 2009 at 5:22 pm
Karma at its best. Every time those hacks get their iPhones screwed by a worm/trojan, an angel gets its wings.
bjorntech@squee.org, on November 23rd, 2009 at 9:01 pm