Hackers attack jailbroken iPhones

one man clappin

Hackers have built a virus that attacks Apple iPhone by secretly taking control of the devices via their Internet connections, security experts said.

The virus has been detected in the Netherlands and can only attack iPhones whose users have disabled some pre-installed security features, according to analysts monitoring the progress of the virus.

The hackers are trying to use the virus to obtain passwords to banking sites, according to Graham Cluley, a researcher with anti-virus software maker Sophos. When an iPhone user tries to access a bank website, the Duh Worm directs the browser to a look-a-like site controlled by the hackers, Mr Cluley said.

A spokeswoman for ING Group said the Dutch banking giant discovered a criminal network that attempted to steal banking credentials via hacked iPhones. Dutch clients of ING have been targeted, but there was no indication that clients outside the Netherlands have to worry, she said.

ING has not received any reports from clients that their credentials have been lost, but the bank was monitoring client accounts for suspicious transactions, the spokeswoman said.

The only iPhones that are vulnerable to the Duh Worm are "jail broken" phones, where users disable key Apple security features to get around the terms of usage agreement that they are designed to enforce, analysts said.

For example, Apple prevents users from switching service providers to unauthorised carriers and limits users to the approximately 100,000 programs that the company has vetted for installation on the device. There are thousands of unauthorised programs covering areas including Internet phone calls, WiFi access and pornography.

"The vast majority of customers do not jailbreak their iPhones, and for good reason. These hacks not only violate the warranty, they will also cause the iPhone to become unstable and not work reliably," said Apple spokeswoman Natalie Harrison.

Three independent security experts said that it is best for iPhone users not to jail break their devices because the security risks are greater than the benefits.

"They're leaving their back door open. Every one else knows what the key is to open that door," Cluley said.

The ING spokeswoman said: "People who use their iPhones in a regular way have nothing to fear."

The case is the first in which iPhones have been recruited into a "botnet," or army of infected devices that hackers can control from a central "command and control centre".

http://www.irishtimes.com/newspaper/breaking/2009/1123/breaking85.htm

rabbitinlights

It uses SSH to log into your iphone, just change the root password and your safe.

S.

Deep Thought

rabbitinlights wrote: »

It uses SSH to log into your iphone, just change the root password and your safe.

S.

Exactly, am already fed up with this around the sites.

Change password as you normally would do with any application or login....

deep1

quick question,
What if i delete Open SSH, as i don't need to remotely access my data, does it have any other effect than the above purpose?

J-blk

Szondi wrote: »

Exactly, am already fed up with this around the sites.

+1 - the language used in the article(s) is just plain wrong... it's not a "virus", it's not a "hack" and only exploits peoples' laziness/stupidity, nothing more...

ShadowHearth

I wouldnt be surprised if apple does such articles, and trying to force people to stop jailbreaking theyr iphones...

Leiva

Pure over Hyped Crap !

Its another attempt to discourage jail breaking .

BaZmO*

ShadowHearth wrote: »

I wouldnt be surprised if apple does such articles, and trying to force people to stop jailbreaking theyr iphones...

My phone is not jailbroken, and I wouldn't be a techie, but that's the first thought that came to mind when reading the article. The mention of "stealing your bank details" also helps with the scare tactics.