To all you iPhone and iPod touch users who have jailbroken your devices, watch out. The inevitable has happened: hackers have now devised a way to hack into your device and retrieve your personal information. This new worm was discovered by security company F-Secure, and as far as we know it has only been affecting a few devices in the Netherlands for the moment.
What this worm appears to be doing is targeting users who do online banking with their devices. It then asks them to log in on a fake page, and gains access to their device and details.
It is specifically targeting people in the Netherlands who are using their iPhones for internet banking with Dutch online bank ING. It redirects the bank’s customers to a lookalike site with a log-in screen.
We saw the first iPhone worm appear in Australia a couple of weeks ago, but I’m afraid this one isn’t like it. The Australian worm simply changed jailbroken iPhones’ wallpapers to a picture of Rick Astley, “Rickrolling” users.
Users who have jailbroken their devices, installed SSH and not changed their default password are the ones who will be affected by this new malicious worm. F-Secure say the number of devices currently infected is only in the hundreds, but it has the potential to spread. It may also become more dangerous as it “enables the phone to be accessed or controlled remotely without the permission of its owner.” Recent reports are also emerging from Intego that the worm is now stealing information from users and opening up their device to further access.
When active on an iPhone, the iBotnet worm changes the root password for the device, in order to prevent users from later changing that password themselves. It then connects to a server in Lithuania, from which it downloads new files and data, and to which it sends data recovered from the infected iPhone. The worm sends both network information about the iPhone and SMSs to the remote server. It is capable of downloading data, including executables that it uses to run and carry out its actions, as well as new files, providing botnet capabilities to infected devices.
Firstly, the obvious: be very cautious doing online banking on your iPhone/iPod, in particular if you live in the Netherlands or have jailbroken your device. You need to change your default SSH password if you have installed SSH, and to be on the safe side you should probably restore your device back to its original firmware.
Signs that you may be infected? Slower 3G and network connection speeds, slower Wi-Fi and noticeably shorter battery life due to the worm’s increased activity. If you think you have been infected, notify your bank and perform a full restore on your device immediately.