Hackers are obtaining personal data from jailbroken iPhones. The new malware called “iPhone/Privacy.A” uses the same approach as the “ikee” worm to silently snatch control of some iPhones. They then proceed to steal personal information from the hijacked iPhone, including e-mail messages, names from the address book, text messages, music and video files, photos and calendar entries. The ikee worm was released a week ago by Ashley Towns, a 21-year-old unemployed Australian programmer, who told the IDG News Service that he intended it as a prank.
The attacks only affect those Apple smartphones whose users have hacked, or “jailbroken” the devices to install unauthorized software or make calls on carriers other then the ones Apple assigns. "It's not surprising," said Charlie Miller, a noted researcher of iPhone vulnerabilities, when asked his take on the move toward malicious intent. "This 'vulnerability' gives you root access to the iPhone, which gives you full access. It's trivial to exploit, that doesn't need shellcode or anything like that."
This could be installed on a computer on display in a retail store, which cold then scan all iPhones that pass within the reach of its network. Or a hacker could sit in an Internet café and let his computer scan all iPhones that come within the range of the Wi-Fi network in search of data. Similar malware could also do more than the data plundering that iPhone/Privacy.A is engaged in. Stealing personal data is certainly possible, as is running up the phone bill, sending bulk SMS messages and so on.
David Harley, director of malware intelligence at San Diego, Calif.-based security vendor ESET urged iPhone users to take caution and Apple to tackle the inherent security weaknesses of jailbroken iPhones. "This is more than a prank: It's an indication that the platform is regarded as a target for more than proof-of-concept messing about. Apple should be considering whether they should do some re-engineering to take into account vulnerabilities introduced by jailbreaking."
I thought that this article was interesting because I know so many friends who jailbreak there iPhones so that can get all the programs for free, but they don’t realize that they are really putting themselves into danger.
http://www.computerworld.com/s/article/9140699/Hackers_pillage_jailbroken_iPhones?taxonomyId=82
Posts
This becomes somewhat of an issue of you reap what you sow or in another manner, trying to go the easy route might actually result in bad. iPhones seem like a hotbed of easy hacking access. They are connected to the web most of the time, and even though I'm sure it's protected, it's easy to access the phone's network. It also seems that anyone can make an app these days. Most people should be careful about what they're downloading even if it sounds "good."
ReplyDeleteApple also should think about their reputation as being a secure electronics device company. Most of their products boast security over Windows. This would prove faulty to them if jailbreaking continues.
As a member of the iPhone community, I definitely understand the risks associated with downloading numerous amounts of apps, even if only to delete them later. However, I wonder who is to blame for this type of hacking. Although black hat hacking is morally wrong in all aspects, I agree with Christian that you should be careful about the types of apps you download onto your phones. With the abundance of apps, thousands and thousands to choose from, it seems hard for someone to accurately determine which apps could be detrimental to their phones. But, if the only way this particular malware could be installed on the iPhone is through the original owner of the phone trying to beat the system, then not much could be said. Once you purposely expose your network to hackers, you cannot be upset that they hack into your system!
ReplyDeleteI hate to be so blunt and mean about this issue but that is what these people get for hacking the iPhone software to being with. Jailbreaking phones is illegal and frowned upon by both AT&T and Apple. When downloading any software or applications from a website that intends to do something illegal as it is, you can only assume that there is an application that could intend to cause harm to the iPhone and compromise your personal data. I personally don't feel sorry for these people because they are already doing something that is illegal
ReplyDeleteAfter reading this post, I agree with Will when he says that the individuals with jailbroken iphones have this coming to them. Apple did not intend for the iphone to be used (or misused) in such a way and, as such, does not need to protect the individuals who exploit their phones.
ReplyDeleteI am sure that the people who tinkered with their iphones is this way did not foresee such a risk to their security and, for that reason, I do have some sympathy for them. However, anyone with the capability of hacking their own technology is this way should also be aware that their are many other people who are also capable of hacking their technology. Therefore, they should recognize that by forfeiting the security Apple's original plan provides, they open themselves up to a host of security attacks.
This is a very interesting post. I also own an Iphone and I have considered jailbreaking it many times. To be honest, its sad that someone can locate a jailbroken iphone and steal personal data from the owner but that is a risk involved with jailbreaking your phone. Despite this, I still believe Apple should put more security in their product. Not to promote jailbreaking but to be loyal to their customers and prevent unnecessary customer service calls from apple. I say this because if a hacker were to run up a phone bill, AT&T would have to credit the account. If they feel they are not at fault and don't credit the account, they could lose many customers. It is just safer for both sides to prevent theft of personal information.
ReplyDelete