iLounge

:: iLounge Home :: Forums Home ::

Home — News
New iPhone jailbreak worm seeks banking info
By Charles Starrett | 11.23.09

A new iPhone worm affecting jailbroken units is targeting owners who use their device to access Internet banking services from Dutch online bank ING. BBC News reports that the worm was discovered by security company F-Secure, and uses the same SSH vulnerability—specifically, jailbroken iPhones that have had SSH activated without having the default password changed—to redirect the bank’s customers to an unauthorized look-a-like site with a login screen. According to F-Secure, this new worm is more dangerous than prior threats because it can behave like a botnet, enabling the phone to be accessed or controlled remotely. “It’s the second iPhone worm ever and the first that’s clearly malicious - there’s a clear financial motive behind it,” F-Secure research director Mikko Hypponen told the BBC. “It’s fairly isolated and specific to Netherlands but it is capable of spreading.” Hypponen added that while the number of infected phones is thought to still be in the hundreds, the worm could potentially jump from phone to phone when multiple vulnerable devices are running on the network, such as at Wi-Fi hotspots. A spokesperson for ING Bank said the company was going to post a warning about the worm on its official website. “We are also briefing call centre personnel,” she added. “It’s important to remember that the worm only affects jail-broken phones and it is only aimed at customers in the Netherlands.”

Next: KT to launch iPhone in South Korea on Nov. 28

Previous: Apple exec Schiller discusses App Store

Comments

and this is why I did not wanted to jail break my iPhone. I’m a IT guy and I knew that this will happen, I was just woundering what took so long…

By dennis on 11.23.09 at 11:14 AM

And this did not stop me from jailbreaking MY iPhone. I’m an IT guy and I knew all I had to do was CHANGE the default password.

By ahMEmon on 11.23.09 at 12:41 PM

I’m just surprised the payloads have been so small.
A Spamming Security Alert.
RickRolling.
A simple Phishing Scam which targets one financial institution only.

It would be so simple to install a keylogger. That would capture usernames, passwords and online banking URI’s for any financial institution. It would also be undetectable to the average Pleb who Jailbrakes their phone just so they can get non-standard alert tones.

By Dan Woods on 11.23.09 at 12:47 PM

lol, I see a hacked iPhone as pretty cool but I can’t trust a 3rd party to give 100% trustworhty apps, esp. when they don’t develope for the regular apps store and go the hacked rout. .. I’m not saying that all hacked apps designer are not trustworhty, but the risk of just one or two hackers of creating front end apps which have additional backdoor apps are to much of a risk for me ....

On the other hand, I agree that the reaosn for a hacked iPhone is simple that the original apps store needs some work, the device need to have some more functionality for the user.

By dennis on 11.23.09 at 02:17 PM

This just illustrates how stupid it is to ‘jailbreak’ your iPhone.  And the app store offers tons and tons of functionality and is working fantastically as it is.  I don’t want a windows-like (security challenged and user experience nightmare) on any Apple device, especially not the iPhone.

By Brian on 11.24.09 at 01:05 PM

Login to post a comment.
Please keep your comments on-topic.

Log In

iLounge.com is ©2001 - 2010 iLounge, Inc. All Rights Reserved.
Terms of Use | Privacy Policy