New iPhone jailbreak worm seeks banking info
By Charles Starrett
Senior Editor, iLounge
Published: Monday, November 23, 2009
News Category: iPhone
A new iPhone worm affecting jailbroken units is targeting owners who use their device to access Internet banking services from Dutch online bank ING. BBC News reports that the worm was discovered by security company F-Secure, and uses the same SSH vulnerability—specifically, jailbroken iPhones that have had SSH activated without having the default password changed—to redirect the bank’s customers to an unauthorized look-a-like site with a login screen.

According to F-Secure, this new worm is more dangerous than prior threats because it can behave like a botnet, enabling the phone to be accessed or controlled remotely. “It’s the second iPhone worm ever and the first that’s clearly malicious - there’s a clear financial motive behind it,” F-Secure research director Mikko Hypponen told the BBC. “It’s fairly isolated and specific to Netherlands but it is capable of spreading.” Hypponen added that while the number of infected phones is thought to still be in the hundreds, the worm could potentially jump from phone to phone when multiple vulnerable devices are running on the network, such as at Wi-Fi hotspots.

A spokesperson for ING Bank said the company was going to post a warning about the worm on its official website. “We are also briefing call centre personnel,” she added. “It’s important to remember that the worm only affects jail-broken phones and it is only aimed at customers in the Netherlands.”
Comments
1
And this is why I did not want to jailbreak my iPhone. I’m an IT guy and I knew that this would happen; I was just wondering what took so long…
Posted by dennis on November 23, 2009 at 11:14 AM (PDT)
2
And this did not stop me from jailbreaking MY iPhone. I’m an IT guy and I knew all I had to do was CHANGE the default password.
Posted by ahMEmon in Canada on November 23, 2009 at 12:41 PM (PDT)
3
I’m just surprised the payloads have been so small.
A Spamming Security Alert.
RickRolling.
A simple Phishing Scam which targets one financial institution only.
It would be so simple to install a keylogger. That would capture usernames, passwords and online banking URIs for any financial institution. It would also be undetectable to the average Pleb who jailbreaks their phone just so they can get non-standard alert tones.
Posted by Dan Woods on November 23, 2009 at 12:47 PM (PDT)
4
lol, I see a hacked iPhone as pretty cool but I can’t trust a 3rd party to give 100% trustworthy apps, esp. when they don’t develop for the regular app store and go the hacked route... I’m not saying that all hacked app designers are not trustworthy, but the risk of just one or two hackers creating front end apps which have additional backdoor apps is too much of a risk for me...
On the other hand, I agree that the reason for a hacked iPhone is simply that the original app store needs some work, the device needs to have some more functionality for the user.
Posted by dennis on November 23, 2009 at 2:17 PM (PDT)
5
This just illustrates how stupid it is to ‘jailbreak’ your iPhone. And the app store offers tons and tons of functionality and is working fantastically as it is. I don’t want a Windows-like (security challenged and user experience nightmare) on any Apple device, especially not the iPhone.
Posted by Brian on November 24, 2009 at 1:05 PM (PDT)