Second virus for iPhone surfaces - worse than Rick Astley worm

23 November 2009

Hard on the heels of an apparent `proof of concept' worm for the Apple iPhone that loaded a picture of Rick Astley onto users' mobile phones, a new and more serious virus has appeared.

Like the Ikee worm of two weeks ago, this virus appears to have been coded specifically for jailbroken iPhones and is reported to be capable of stealing banking credentials, as well as hijacking the smartphone to become part of a botnet.

Discovered by F-Secure, the worm - Ikee.B - has apparently been coded to upload a user's banking data to a server in Lithuania and is then programmed to follow orders from remote hackers using specific commands.

Whereas the original iPhone worm was limited to infecting iPhones on the Australian Optus mobile network, Ikee.B looks for vulnerable iPhones across a much wider set of IP ranges - including Optus in Australia, UPC in the Netherlands and most T-Mobile networks in the world.

Commenting on the Ikee.B worm, Graham Cluley, Sophos' senior technology consultant, said that it is doubly criminal as not only does it break into your iPhone without permission, but it also cedes control of your iPhone to a botnet command server in Lithuania.

"That means your iPhone has just been turned into a zombie, ready to download and to perform any commands the cybercriminals might want in the future. If infected, you have to consider all of the data that passes through your iPhone compromised", he said.

Interestingly the Ikee.B worm - which Sophos calls `Duh' - is reported to change the iPhone's password to something quite rude.

Cluley said that his fellow researcher Paul Ducklin was able to recover the amended iPhone password, which had been changed from its default of `alpine.'

"Apple's default root password - 'alpine' - on the iPhone breaks two fundamental rules - it's both a dictionary word and well-known. This doesn't matter for most iPhone users, as they haven't jailbroken their iPhones and installed SSH to allow remote access - but the new worm will break in and immediately change it", said Ducklin.

"This change is made by directly editing the encrypted value of the password in the master password file, so that the new password is never revealed", he added.

"This password-changing represents an additional risk, as it means that cybercriminals now know what your password is - allowing them to log back into your iPhone later - but you don't, so you cannot login and eliminate the virus."

As a result of the worm, Sophos strongly recommends that all users of jailbroken phones change their passwords from `alpine' immediately to avoid further attacks.
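The two conditions Ducklin describes (an account still on the well-known default password, and a password field rewritten directly in the master password file) can both be checked by comparing the file against a known-good copy. The following is an added example, not code from the article, F-Secure or Sophos; it assumes the BSD-style ten-field master.passwd layout, and every account line and hash string in it is a constructed placeholder.

```python
# Added example: audit a BSD-style master.passwd against a known-good baseline.
# Layout assumed: name:password:uid:gid:class:change:expire:gecos:home:shell
# All entries below are constructed; the hash strings are placeholders.

BASELINE = """\
root:CONSTRUCTED_DEFAULT_HASH:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:CONSTRUCTED_DEFAULT_HASH:501:501::0:0:Mobile User:/var/mobile:/bin/sh
daemon:*:1:1::0:0:System Services:/var/root:/usr/bin/false
"""

CURRENT = """\
root:CONSTRUCTED_OTHER_HASH:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:CONSTRUCTED_DEFAULT_HASH:501:501::0:0:Mobile User:/var/mobile:/bin/sh
daemon:*:1:1::0:0:System Services:/var/root:/usr/bin/false
"""

# Hashes known to correspond to the factory default password, taken from a
# clean image (assumption: the auditor has such a reference copy).
DEFAULT_HASHES = {"CONSTRUCTED_DEFAULT_HASH"}

LOCKED_PREFIXES = ("*", "!")  # password fields that do not permit login


def parse_master_passwd(text):
    """Return {account_name: password_field} for well-formed entries."""
    accounts = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 10:
            continue  # malformed entry: skip rather than guess
        accounts[fields[0]] = fields[1]
    return accounts


def audit(baseline_text, current_text, default_hashes):
    """Return sorted (account, finding) pairs for login-capable accounts."""
    base = parse_master_passwd(baseline_text)
    findings = []
    for name, pw in sorted(parse_master_passwd(current_text).items()):
        if pw.startswith(LOCKED_PREFIXES):
            continue
        if name not in base:
            findings.append((name, "account-not-in-baseline"))
        elif pw != base[name]:
            findings.append((name, "hash-changed"))      # edited since baseline
        elif pw in default_hashes:
            findings.append((name, "default-password"))  # still the known default
    return findings
```

A `hash-changed` finding is only suspicious when the owner did not change the password themselves, so the baseline should be refreshed after every legitimate change.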

 
