View Full Version : First iPhone Trojan?




MarkMS
Jan 6, 2008, 12:01 AM
Just saw this and wanted to let you all know.

Here is a quick excerpt from ModMyiFone (http://www.modmyifone.com/forums/showthread.php?t=24323). Just want people to know before they mess up their iPhone. I can't test this out, since I don't "hack" my iPhone, but I think this is why Apple wants the security measures before they release the SDK in Feb. This is how one bad person can ruin an experience.

It has come to my attention that the people responsible for the JMCO source jmwiki.com have internially created a malicious source with the sole intention of mucking up people's iPhones.

This source adds an app in installer that pretends to be an update of erica's utilities. The app appears in installer as 113 prep.

Once installed all this app does is it says "shoes." When uninstalled this app removes a lot of files from the /bin directory on the iphone, breaking valid apps like sendfile and other erica utilities.

ModMyiFone recommends that you DO NOT install 113 prep. We further recommend that you abandon the use of the JMCO source and remove it from your installer app.

It is a shame to see that people in our community are set on causing problems for others, their actions are not admirable.

Help us get out the word to everyone as quickly as possible and Digg This (http://digg.com/apple/iPhone_1_1_3_Prep_is_a_Malicious_File_DO_NOT_INSTALL)



ascham87
Jan 6, 2008, 12:29 AM
I am surprised it took this long for something like this to happen. This is why I long for an official SDK, but with the amount of apps that Installer.app has..sigh...only in a perfect world I guess :(

jav6454
Jan 7, 2008, 12:14 AM
Just saw this and wanted to let you all know.

Here is a quick excerpt from ModMyiFone (http://www.modmyifone.com/forums/showthread.php?t=24323). Just want people to know before they mess up their iPhone. I can't test this out, since I don't "hack" my iPhone, but I think this is why Apple wants the security measures before they release the SDK in Feb. This is how one bad person can ruin an experience.

And to think it was all caused by an 11 year-old boy. *sigh* The world ain't the one when 11 year olds watched for porn instead of ruining people's devices. *sarcasm*

1rottenapple
Jan 7, 2008, 02:13 AM
Is modmyifone working again? When I go there, it still reports that it can't find the server.

Consultant
Jan 7, 2008, 10:01 AM
Thanks for the heads up.

Well, a classic case of trojan. But in this day and age, most people should be smart enough not to install something unless it's confirmed by the community.

Whoever is responsible should be put in jail, preferably in the same cell as OJ.

xUKHCx
Jan 9, 2008, 05:45 AM
Good old social engineering at play here.

It is up on Macworld (http://www.macworld.co.uk/ipod-itunes/news/index.cfm?newsid=20093&pagtype=allchandate) site now as well.

pacohaas
Jan 9, 2008, 09:37 AM
I am surprised it took this long for something like this to happen. This is why I long for an official SDK, but with the amount of apps that Installer.app has..sigh...only in a perfect world I guess :(
an SDK doesn't necessarily mean a limited number of "approved" apps. Look at all the stuff apple has approved for their webapps directory.

Eraserhead
Jan 9, 2008, 09:42 AM
an SDK doesn't necessarily mean a limited number of "approved" apps. Look at all the stuff apple has approved for their webapps directory.

I think the iPhone will only support applications from the directory, ala the Apple webapps directory.

pacohaas
Jan 9, 2008, 09:56 AM
yeah, and look how much crap is on there, but (hopefully) no malicious software. I'm just saying, it doesn't seem to take much for apple to "approve" something for the iPhone.

MacRumors
Jan 10, 2008, 11:18 AM
Earlier this week, a third party package named "iPhone firmware 1.1.3 prep" became available via Installer.app. ModMyiPhone.com (http://www.modmyifone.com/forums/showthread.php?t=24323) was first to identify it as malicious, and F-Secure later confirmed the low-risk threat (http://www.f-secure.com/weblog/archives/00001355.html).

The trojan installation package contains false application installation information that causes legitimate third party applications to be removed if the trojan is uninstalled from the iPhone.

The package was quickly removed from distribution after identification of malicious characteristics. Additionally, F-Secure states that the author was an "11-year-old kid playing with XML files." F-Secure warns that a more experienced coder could have done more damage.

Security will be one of the top concerns of Apple's upcoming SDK (http://www.macrumors.com/2007/10/17/steve-jobs-announces-3rd-party-sdk-for-iphone-for-february-2008/), as Steve Jobs had alluded to Nokia's system of digitally signing applications.

Nokia, for example, is not allowing any applications to be loaded onto some of their newest phones unless they have a digital signature that can be traced back to a known developer. While this makes such a phone less than "totally open," we believe it is a step in the right direction. We are working on an advanced system which will offer developers broad access to natively program the iPhone’s amazing software platform while at the same time protecting users from malicious programs.

Article Link (http://www.macrumors.com/iphone/2008/01/10/first-iphone-trojan/)

Metatron
Jan 10, 2008, 11:38 AM
Great...11 year old hackers. I don't know any 11 year old that can "play" with XML files, build a package, and then properly submit it.

puckhead193
Jan 10, 2008, 11:54 AM
Great...11 year old hackers. I don't know any 11 year old that can "play" with XML files, build a package, and then properly submit it.
damn when i was 11 i barely knew my multiplication tables none the less XML. :p jeez it soon should be mandatory for kids to join an outside sport league or activity.

walnuts
Jan 10, 2008, 12:00 PM
Isn't anything truly dangerous going to have to break both the phone and iTunes? I'm no programmer, but it seems to me that the iPhone was designed such that if anything goes wrong, you could relatively easily just restore it (both completely or from backups made already from iTunes). There would be nothing lost by wiping the phone clean and starting over again.

I guess the worst thing that could happen is that info from your contact list or your e-mail could be given out, but that isn't terrible. Rather, I guess it's better than losing work or expensive software.

erandall38
Jan 10, 2008, 12:43 PM
Isn't anything truly dangerous going to have to break both the phone and iTunes? I'm no programmer, but it seems to me that the iPhone was designed such that if anything goes wrong, you could relatively easily just restore it (both completely or from backups made already from iTunes). There would be nothing lost by wiping the phone clean and starting over again.

I guess the worst thing that could happen is that info from your contact list or your e-mail could be given out, but that isn't terrible. Rather, I guess it's better than losing work or expensive software.

Was thinking the same thing.... anyone have any liable insight on this?

djgamble
Jan 10, 2008, 12:51 PM
Yeah sorry I'm not sold on it being an 11 year old or that someone else could have easily done something much worse.

Playing with xml files... well I'm a web developer and have used a lot of xml, I did a bachelor's degree and a master's where I learned such things; and also program a lot of educational resources using xml so I would call myself a professional.

I'm hard pressed to believe this was an 11 year old for 2 reasons:
1) iPhones are damn expensive, what is an 11 year old doing with an iPhone?
2) I work with xml every day in a professional environment and can't see how I'd be able to trash an iPhone using xml.
3) xml is a type of database, not a programming language. I'd be impressed if an 11 year old could get an rss feed going using an xml database let alone hack an iPhone using it (apparently).

Okay so most people with installer.app have root access enabled and have not changed their root password, yes I think people could make software that hacks the iPhone quite easily, but to me this was never a serious threat.

It was an experienced programmer who made it and it was removed from the repository less than an hour after being posted so is no longer available. Also it only affects people who have hacked their iPhones against Apple's wishes so does not highlight an underlying problem in Apple's programming.

(sorry, it just wasn't an 11 year old... the rationale is like saying that some 11 year old was fiddling with excel and somehow created a trojan, and it skips the step where they must have used some kind of programming language in order to make the hack and package it up).

pacohaas
Jan 10, 2008, 12:52 PM
Was thinking the same thing.... anyone have any liable insight on this?

The same could be said for a Windows PC with a proper backup. So what if you get a virus? Just reformat and restore your backups. In reality this is a much bigger problem than it may seem, which is why we have anti-virus software and don't click on links that seem sketchy. Reformatting and restoring to get rid of a virus is a pain.

chr1s60
Jan 10, 2008, 01:09 PM
I think the iPhone will only support applications from the directory, ala the Apple webapps directory.

I have no problem with this. Sure, there may not be as many apps right away, but if the iPhone were to just open up to any 3rd party app from any random place, you could bet that this type of thing would not be as rare as it currently is.

walnuts
Jan 10, 2008, 01:25 PM
The same could be said for a Windows PC with a proper backup. So what if you get a virus? Just reformat and restore your backups. In reality this is a much bigger problem than it may seem, which is why we have anti-virus software and don't click on links that seem sketchy. Reformatting and restoring to get rid of a virus is a pain.

Yes but restoring a PC is a totally different animal than restoring the iPhone. I've done it twice already. If you haven't hacked it, it takes 15 minutes to reinstall the software and then maybe half an hour to put all of your content back on. Furthermore, nearly the whole process, from the iTunes backup all the way through resyncing the content is automated. There's no restoring data, finding reinstall discs and passwords. Heck, reinstalling one app on a pc probably takes just as long as restoring the iPhone.

cazlar
Jan 10, 2008, 01:43 PM
It was an experienced programmer who made it and it was removed from the repository less than an hour after being posted so is no longer available. Also it only affects people who have hacked their iPhones against Apple's wishes so does not highlight an underlying problem in Apple's programming.

(sorry, it just wasn't an 11 year old... the rationale is like saying that some 11 year old was fiddling with excel and somehow created a trojan, and it skips the step where they must have used some kind of programming language in order to make the hack and package it up).

I think what is being misunderstood by most people is that there was no "trojan" code being programmed so to say. What instead has happened is that he had taken an existing xml description of an Installer.app package (from STE I believe), and changed its name to something people would be interested in installing (a 1.1.3 prep package in this case). I'm not sure what else he changed, it popped up a stupid phrase I think, but the point is that he left the uninstall instructions for Ericas utilities still in the xml. And then made a repository (not that hard, instructions are available) and convinced people to download it. When these folks decided it was useless/fake, they hit uninstall, and as well as deleting itself, it took Erica's utilities with it.

So, not a trojan. Just a really really dumb prank with unexpected (but not disastrous) consequences. He probably didn't realise leaving the uninstall stuff would cause problems. Exactly what I'd expect from a kid who was playing around with an xml file and thought that'd be great fun.

It does show that as great as the current third-party apps are, there is a potential to do some damage if you use untrusted sources (as many of them are).

I'd love to have been around and seen what ensued after STE rang his dad though...
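
The failure cazlar describes above (a renamed package description whose uninstall steps still belong to another package), as an added example that is not part of the thread: a check that flags uninstall targets the package's own install steps never created. The manifest schema and the `CopyPath`/`RemovePath` step names are a simplified assumption for illustration, not Installer.app's actual format.

```python
import plistlib
import posixpath

# Constructed manifest in a simplified, hypothetical schema (an assumption,
# not Installer.app's real format). /bin/sendfile is the file named in the
# thread; the other paths are made up for the example.
SUSPECT = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>name</key><string>113 prep</string>
  <key>install</key><array>
    <array><string>CopyPath</string><string>prep.app</string>
           <string>/Applications/prep.app</string></array>
  </array>
  <key>uninstall</key><array>
    <array><string>RemovePath</string><string>/Applications/prep.app</string></array>
    <array><string>RemovePath</string><string>/bin/sendfile</string></array>
    <array><string>RemovePath</string>
           <string>/Applications/prep.app/../../bin/example</string></array>
  </array>
</dict></plist>"""


def _is_under(path, roots):
    """True if path equals, or lives inside, one of the installed roots."""
    return any(path == r or path.startswith(r.rstrip("/") + "/") for r in roots)


def orphan_removals(manifest_bytes):
    """Return uninstall targets that the install steps never created."""
    pkg = plistlib.loads(manifest_bytes)
    created = set()
    for step in pkg.get("install", []):
        if len(step) == 3 and step[0] == "CopyPath":
            created.add(posixpath.normpath(step[2]))
    flagged = []
    for step in pkg.get("uninstall", []):
        if step and step[0] == "RemovePath":
            for target in step[1:]:
                # Normalise first so "../" cannot hide an outside path
                # behind a prefix that looks like the package's own.
                path = posixpath.normpath(target)
                if not _is_under(path, created):
                    flagged.append(path)
    return flagged


if __name__ == "__main__":
    for path in orphan_removals(SUSPECT):
        print("uninstall removes a path this package never installed:", path)
```
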

ert3
Jan 10, 2008, 02:31 PM
It was bound to happen.

Hopefully Apple's protection will go farther than the "This App was downloaded from the web" reminder.

In the end of this scattered thought I would just like to hope that the iPhone does not become a tool for viruses to jump from your phone to your mac and that we don't see the iPhone become so full of security holes that eventually we get Norton-iMobile edition or the like.

matticus008
Jan 10, 2008, 05:09 PM
Hopefully Apple's protection will go farther than the "This App was downloaded from the web" reminder.
It does already. A stock iPhone is not vulnerable to this little prank.

This is the consequence of hacking your phone to execute arbitrary code. This is the consequence of an uncontrolled community. You've got to take the good with the bad--everyone complaining about Apple closing the hacks and the developer community needing to find another way in can now be pointed quite plainly to an example for why.

All in all, this isn't terribly harmful, and it's not self-propagating and people would have to install this voluntarily, so only the lazy and the ignorant will be affected. If you want to jailbreak your iPhones, you should be prepared to take responsibility for its security and that involves not installing mysterious packages with no web presence on the well-trafficked sites.

longofest
Jan 10, 2008, 06:04 PM
Isn't anything truly dangerous going to have to break both the phone and iTunes? I'm no programmer, but it seems to me that the iPhone was designed such that if anything goes wrong, you could relatively easily just restore it (both completely or from backups made already from iTunes). There would be nothing lost by wiping the phone clean and starting over again.

I guess the worst thing that could happen is that info from your contact list or your e-mail could be given out, but that isn't terrible. Rather, I guess it's better than losing work or expensive software.

Was thinking the same thing.... anyone have any liable insight on this?

Remember that not all Trojans aim to simply mess up your iPhone's installation. Another form of a Trojan could appear as a valid and useful program, but in the background, it could be sending all of your contact data and email addresses to bad people.

CyberGreg
Jan 10, 2008, 07:01 PM
...
So, not a trojan. Just a really really dumb prank with unexpected (but not disastrous) consequences. He probably didn't realise leaving the uninstall stuff would cause problems. Exactly what I'd expect from a kid who was playing around with an xml file and thought that'd be great fun.
...

100% correct and spot on....

Nothing to see here.... move along...
:cool:

ethernet76
Jan 10, 2008, 07:25 PM
Yeah sorry I'm not sold on it being an 11 year old or that someone else could have easily done something much worse.

Playing with xml files... well I'm a web developer and have used a lot of xml, I did a bachelor's degree and a master's where I learned such things; and also program a lot of educational resources using xml so I would call myself a professional.

I'm hard pressed to believe this was an 11 year old for 2 reasons:
1) iPhones are damn expensive, what is an 11 year old doing with an iPhone?
2) I work with xml every day in a professional environment and can't see how I'd be able to trash an iPhone using xml.
3) xml is a type of database, not a programming language. I'd be impressed if an 11 year old could get an rss feed going using an xml database let alone hack an iPhone using it (apparently).

Okay so most people with installer.app have root access enabled and have not changed their root password, yes I think people could make software that hacks the iPhone quite easily, but to me this was never a serious threat.

It was an experienced programmer who made it and it was removed from the repository less than an hour after being posted so is no longer available. Also it only affects people who have hacked their iPhones against Apple's wishes so does not highlight an underlying problem in Apple's programming.

(sorry, it just wasn't an 11 year old... the rationale is like saying that some 11 year old was fiddling with excel and somehow created a trojan, and it skips the step where they must have used some kind of programming language in order to make the hack and package it up).

At 11 I could program at a sophomore in college level.

Some people's can grasp computer languages even at early ages.

I remember some Y2K stories about the state's computers being fixed by 13-year olds.

AutumnSkyline
Jan 10, 2008, 07:51 PM
damn when i was 11 i barely knew my multiplication tables none the less XML. :p jeez it soon should be mandatory for kids to join an outside sport league or activity.

Some kids don't like sports, or after school activities. I never liked any sport, or after school activity until they introduced DDR and some schools don't have cool alternatives like that, so many students like myself, opted for Computers.:apple:

pacohaas
Jan 11, 2008, 12:30 AM
At 11 I could program at a sophomore in college level.

...and yet now, you fail to fully grasp the English language. I feel bad for the sophomore who you programmed at.

I never liked any sport, or after school activity until they introduced DDR

After playing DDR did you suddenly like sports or are you considering DDR an after school activity? Not saying I agree with the guy who said "you must like sports or else", but seriously, DDR?

Drumjim85
Jan 11, 2008, 12:43 AM
...and yet now, you fail to fully grasp the English language. I feel bad for the sophomore who you programmed at.
:D:D

Plumbstone
Jan 11, 2008, 05:39 AM
Yeah sorry I'm not sold on it being an 11 year old or that someone else could have easily done something much worse.

I'm hard pressed to believe this was an 11 year old for 2 reasons:
1) iPhones are damn expensive, what is an 11 year old doing with an iPhone?
2) I work with xml every day in a professional environment and can't see how I'd be able to trash an iPhone using xml.
3) xml is a type of database, not a programming language. I'd be impressed if an 11 year old could get an rss feed going using an xml database let alone hack an iPhone using it (apparently).


Most 11 year olds I know can count to 2 though so maybe it's not that hard to believe...

kaselectronics
Jan 11, 2008, 07:07 PM
What's next! :rolleyes:

Optimus Rhyme
Jan 21, 2008, 12:14 AM
It actually surprises me that we haven't seen more viruses for the iPhone, but I must say I'm happy that we haven't. Someone told me about this and said it was all over the place, and of course it was blown out of proportion, but it could have been bad.

Just don't be the first person to try something that shows up, look into it first to see if it's good!

fastbite
Jan 21, 2008, 09:17 AM
This must be the kid that did it!

shigzeo
Jan 26, 2009, 08:53 PM
we also reported of a user in japan who suffered at least what seems to be a break in into his /var/root section and unauthorised directory created. who knows what is happening but android is not the only platform with 'apparent' problems (http://www.touchmyapps.com/2009/01/21/jailbreaked-ipod-touchiphone-users-beware-of-snoopers/).