Malicious iPhone worm discovered

Worm detected that can steal SMS history and banking authentication details from iPhones

The worm targets jailbroken iPhones where the default password has not been changed.

The first malicious worm targeting the iPhone has been detected in the wild, according to security experts and internet service providers.

Researchers have confirmed that the new worm, which only affects iPhones that have been 'jailbroken', is able to steal private information from the phone and connect back to a command server to run additional commands.

The worm follows on from instances of iPhone 'Rickrolling' first seen two weeks ago, where a worm installed pictures of 80s singer Rick Astley. The new worm follows the same attack path, using the SSH protocol to remotely access jailbroken phones that run OpenSSH and still use the default Apple password, but it is the first worm detected with a malicious payload.

The worm is able to steal SMS history and attempts to find mobile transaction authentication numbers, which are used for some SMS banking services. It also connects to a master server, changes the root password for the device, making it harder to remove, and tries to spread itself to other iPhones by searching several IP ranges.

iPhone handsets that have been infected by the worm will usually have much shorter battery life, as the worm's attempts to connect to wi-fi networks drain the battery.

Jailbroken iPhones are phones that have been unlocked to run non-Apple-approved applications and services. The software usually installs OpenSSH, leaving the phone vulnerable if the user does not change the password from Apple's weak default password.

Dutch ISP XS4ALL, one of the first companies to report the worm, issued an advisory: "A number of customers with jailbroken phones have been found running unknown software on their phones which is trying to compromise other iPhone users at other telecommunications providers. XS4ALL strongly advises caution against jailbreaking if you are not fully aware of the potential risks to your privacy and security."