New iPhone jailbreak worm seeks banking info | iLounge News


New iPhone jailbreak worm seeks banking info

A new iPhone worm affecting jailbroken units is targeting owners who use their device to access Internet banking services from Dutch online bank ING. BBC News reports that the worm was discovered by security company F-Secure, and uses the same SSH vulnerability—specifically, jailbroken iPhones that have had SSH activated without having the default password changed—to redirect the bank’s customers to an unauthorized look-a-like site with a login screen. According to F-Secure, this new worm is more dangerous than prior threats because it can behave like a botnet, enabling the phone to be accessed or controlled remotely. “It’s the second iPhone worm ever and the first that’s clearly malicious - there’s a clear financial motive behind it,” F-Secure research director Mikko Hypponen told the BBC. “It’s fairly isolated and specific to Netherlands but it is capable of spreading.” Hypponen added that while the number of infected phones is thought to still be in the hundreds, the worm could potentially jump from phone to phone when multiple vulnerable devices are running on the network, such as at Wi-Fi hotspots. A spokesperson for ING Bank said the company was going to post a warning about the worm on its official website. “We are also briefing call centre personnel,” she added. “It’s important to remember that the worm only affects jail-broken phones and it is only aimed at customers in the Netherlands.”

Related Stories



and this is why I did not wanted to jail break my iPhone. I’m a IT guy and I knew that this will happen, I was just woundering what took so long…

Posted by dennis on November 23, 2009 at 1:14 PM (CST)


And this did not stop me from jailbreaking MY iPhone. I’m an IT guy and I knew all I had to do was CHANGE the default password.

Posted by ahMEmon on November 23, 2009 at 2:41 PM (CST)


I’m just surprised the payloads have been so small.
A Spamming Security Alert.
A simple Phishing Scam which targets one financial institution only.

It would be so simple to install a keylogger. That would capture usernames, passwords and online banking URI’s for any financial institution. It would also be undetectable to the average Pleb who Jailbrakes their phone just so they can get non-standard alert tones.

Posted by Dan Woods on November 23, 2009 at 2:47 PM (CST)


lol, I see a hacked iPhone as pretty cool but I can’t trust a 3rd party to give 100% trustworhty apps, esp. when they don’t develope for the regular apps store and go the hacked rout. .. I’m not saying that all hacked apps designer are not trustworhty, but the risk of just one or two hackers of creating front end apps which have additional backdoor apps are to much of a risk for me ....

On the other hand, I agree that the reaosn for a hacked iPhone is simple that the original apps store needs some work, the device need to have some more functionality for the user.

Posted by dennis on November 23, 2009 at 4:17 PM (CST)


This just illustrates how stupid it is to ‘jailbreak’ your iPhone.  And the app store offers tons and tons of functionality and is working fantastically as it is.  I don’t want a windows-like (security challenged and user experience nightmare) on any Apple device, especially not the iPhone.

Posted by Brian on November 24, 2009 at 3:05 PM (CST)

Subscribe to iLounge Weekly

Sign up for the iLounge Weekly Newsletter

iLounge is an independent resource for all things iPod, iPhone, iPad, and beyond.
iPod, iPhone, iPad, iTunes, Apple TV, Mac, and the Apple logo are trademarks of Apple Inc.
iLounge is © 2001 - 2018 iLounge, Inc. All Rights Reserved. Terms of Use | Privacy Policy