New Malware Allows Hackers to Access Personal Information on Jailbroken iPhones

MacRumors

macrumors bot
Original poster
Apr 12, 2001
49,654
10,975

Security firm Intego reports that it has spotted new malware, termed iPhone/Privacy.A, that is capable of allowing hackers to access personal information stored on certain jailbroken iPhones and iPod touches. Non-jailbroken iPhones are not vulnerable to the malware.

While full details of the tool are not disclosed, it is reported to utilize the same method as the "Rickrolling" worm deployed in Australia late last week, suggesting that the new malware would only affect jailbroken iPhones and iPod touches whose users have installed SSH for remote access capabilities and failed to change the default password. It is unclear the extent to which the tool has been seen in the wild, although Intego currently categorizes the risk of the malware as "low".
When connecting to a jailbroken iPhone, this tool allows a hacker to silently copy a treasure trove of user data from a compromised iPhone: e-mail, contacts, SMSs, calendars, photos, music files, videos, as well as any data recorded by any iPhone app. Unlike the ikee worm, which signals its presence by changing the iPhone's wallpaper, this hacker tool gives no indication that it has invaded an iPhone.
Intego notes that the tool works by being installed onto a computer and then scanning the computer's network to find vulnerable iPhones.
This hacker tool could easily be installed, for example, on a computer on display in a retail store, which could then scan all iPhones that pass within the reach of its network. Or, a hacker could sit in an Internet café and let his computer scan all iPhones that come within the range of the wifi network in search of data. Hackers could even install this tool on their own iPhones, and use it to scan for jailbroken phones as they go about their daily business.
While antivirus software can protect computers from serving as hosts for the malicious software, Intego also notes that because no software is installed on the iPhone or iPod touch during the process, no external protection for users who are vulnerable to the malware can be deployed. Vulnerable users must change their default SSH passwords in order to thwart access attempts.

 

flooce

macrumors member
Jan 19, 2009
54
0
Great, will be bad reputation for Apple again, since the yellow press will leave out the piece of information that it only affects jailbroken iPhones.
 

al2o3cr

macrumors regular
Oct 14, 2009
210
0
How is this news exactly?

Install SSHD, don't change your root password, get pwned.

How is this news exactly? This is like complaining that someone stole your car after you left it running in the parking lot with a "FREE CAR" sign on it. Any competent user that uses SSH on a new box knows that the first thing you do is change the default root password. Mildly paranoid users do the smart thing and disallow root login via SSH entirely, relying on sudo -i.
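
An added example, not part of the thread or any poster's code: a small audit of `sshd_config` text for the "disallow root login via SSH" mitigation mentioned above. The sample configs are constructed, the function names are hypothetical, and the defaults assume OpenSSH 7.0 or later.

```python
import re

# Assumed defaults (OpenSSH 7.0 and later); older releases defaulted
# PermitRootLogin to "yes".
DEFAULTS = {"permitrootlogin": "prohibit-password",
            "passwordauthentication": "yes"}

def effective_settings(config_text):
    """Global-section values; sshd keeps the FIRST value seen per keyword."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()           # keywords are case-insensitive
        if keyword == "match":               # conditional blocks are not evaluated
            break
        args = parts[1].split() if len(parts) > 1 else []
        value = args[0].strip('"').lower() if args else ""
        settings.setdefault(keyword, value)  # later duplicates are ignored
    return {**DEFAULTS, **settings}

def root_password_login_allowed(config_text):
    """True when root can authenticate with a password.
    Only the PasswordAuthentication path is checked, not keyboard-interactive."""
    s = effective_settings(config_text)
    return s["permitrootlogin"] == "yes" and s["passwordauthentication"] == "yes"

# Constructed sample: root password login enabled.
PERMISSIVE = """\
PermitRootLogin yes
PasswordAuthentication yes
"""

# Constructed sample: hardened. The trailing duplicate has no effect
# because the first PermitRootLogin line wins.
HARDENED = """\
permitrootlogin no
PasswordAuthentication no
PermitRootLogin yes
"""

if __name__ == "__main__":
    for name, text in (("permissive", PERMISSIVE), ("hardened", HARDENED)):
        print(name, "-> root password login allowed:",
              root_password_login_allowed(text))
```
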
 

Mattie Num Nums

macrumors 68030
Mar 5, 2009
2,834
0
USA
This isn't really a ground breaking thing. Install SSH, leave Default Password, get Pwned. Pretty straight forward to me.
 

END3R

macrumors member
Jan 27, 2009
64
0
No offense, but why is the "news" here always a day late?

Anyway, this is kind of common sense people. It's like many software installations that provide a default password; when you install a wireless router in your home, do you keep that default admin password? If you do, I feel for you and for the future of your gene recipients.
 

mkrishnan

Moderator emeritus
Jan 9, 2004
29,776
12
Grand Rapids, MI, USA
This is like complaining that someone stole your car after you left it running in the parking lot with a "FREE CAR" sign on it.
In fairness, while I knew about the default "alpine" password many, many moons ago, and I don't have SSH installed on my iPhone anyway, I've not seen too many people with "free car" signs on their cars, and yet these exploits on the iPhone do actually seem to be attracting targets. So you can conclude that many jailbreak users are idiots. Fine. But the fact remains that there are vulnerable people out there....
 

Mattie Num Nums

macrumors 68030
Mar 5, 2009
2,834
0
USA
No offense, but why is the "news" here always a day late?

Anyway, this is kind of common sense people. It's like many software installations that provide a default password; when you install a wireless router in your home, do you keep that default admin password? If you do, I feel for you and for the future of your gene recipients.
This just in: all phones with SSH and default password can be hacked by ANYONE in the world who has limited SSH knowledge.
 

TheKingIV

macrumors member
Apr 14, 2008
94
0
I have a jailbroken phone. From what I gather in this article I should be fine. Am I right?

- I've changed my root password using Terminal
- I never use wi-fi on my iPhone

Wi-Fi is apparently the only way they can get into your phone, right?
 

Shunnabunich

macrumors regular
Oct 30, 2005
230
41
Ontario, Canada
The fact that it's common sense doesn't mean that most people will do it. It's safe to assume that many iPhone/iPod touch users who jailbreak their devices lack the technical inclination to automatically realize that installing that little thingy that lets them access their files from their computer means they have to also go into a terminal and change a password.

What really needs to be done is for the password change to be made a mandatory part of the jailbreaking process. Prompt the user to "set a password", and simply don't accept "alpine" as the input, then do the password change in the background once everything is up and running on the device's end. (I assume that it can't be done "ahead of time" to the firmware installer itself — or can it?)
 
I have a jailbroken phone. From what I gather in this article I should be fine. Am I right?

- I've changed my root password using Terminal
- I never use wi-fi on my iPhone

Wi-Fi is apparently the only way they can get into your phone, right?
No. If you are online with 3G, Edge, or Wifi, you are online and open.

But if you changed from "alpine", you are at least safer....
 

63dot

macrumors 603
Jun 12, 2006
5,269
339
norcal
And it's really Apple, trying to get people to not Jailbreak :p.
You think? The thing is when Apple makes a product and signs a contract, it's perfect, so if anybody disagrees then they should go to a dungeon under Steve Jobs' mansion.
 

saturniphone

macrumors member
Jul 3, 2008
59
0
Install SSHD, don't change your root password, get pwned.

How is this news exactly? This is like complaining that someone stole your car after you left it running in the parking lot with a "FREE CAR" sign on it. Any competent user that uses SSH on a new box knows that the first thing you do is change the default root password. Mildly paranoid users do the smart thing and disallow root login via SSH entirely, relying on sudo -i.
It's quite obvious how this is news. People who jailbreak can literally hit one button on a GUI and it's done. They never log in to their iPhone and install SSH or anything. It all just happens automatically. There are a ton of novice users who don't even know what SSH means who have jailbroken their phones to steal apps or change their background colors.
 

LlamaLarry

macrumors regular
Oct 6, 2008
111
20
Northern VA
What really needs to be done is for the password change to be made a mandatory part of the jailbreaking process. Prompt the user to "set a password", and simply don't accept "alpine" as the input, then do the password change in the background once everything is up and running on the device's end. (I assume that it can't be done "ahead of time" to the firmware installer itself — or can it?)
Since ssh is not installed by default when jailbreaking anymore the real onus should be on the ssh package installer instead.
 

ChrisA

macrumors G4
Jan 5, 2006
11,672
471
Redondo Beach, California
This is not just iPods. You can get into any computer that is running SSH if you know the password. That is the entire purpose of SSH, to allow remote logins.

In other news: Hackers discover they can drive your car if you leave the doors unlocked and the keys in the ignition.
 

rwilliams

macrumors 68040
Apr 8, 2009
3,626
704
Raleigh, NC
What amazes me is that people who install SSH on any device would not have the common sense to change their passwords. Seriously, if you know enough about SSH to install it in the first place, you should know to never keep the default password.
 