New malware targets compromised jailbroken iPhones

Mac-focused security software developer Intego has posted a security memo warning of a new piece of malware targeting jailbroken iPhones and iPod touches. According to the post, the software, identified as iPhone/Privacy.A, uses the same vulnerability as the “rickroll” worm from earlier this week, attacking devices which have been jailbroken and had SSH activated without the owners changing the default password. However, unlike past hacks, which were mostly harmless, this new tool allows a hacker to silently copy a multitude of data from the compromised device, including e-mail, contacts, SMSs, calendars, photos, music files, videos, and any data recorded by any iPhone app. It also leaves no indication that the device has been compromised, since it doesn’t actually install anything on the iPhone or iPod touch, instead working from a PC, scanning the connected network for possible marks and copying their data when discovered.