TechNewsWorld.com
Dangerous New Worm Wriggles Through Jailbroken iPhones


The worms infecting jailbroken iPhones have evolved quickly. Earlier this month, the so-called Ikee worm merely bombarded its victims with images of an '80s pop singer. The latest worm, dubbed "Duh," wrangles iPhones into a malicious botnet. So far, the only iPhones that worms have managed to invade are jailbroken units that have been hacked by users to support software Apple hasn't approved.


For the third time in a matter of weeks, jailbroken iPhones and iPod touches have come under attack, this time by a worm that could set up botnets and steal banking information.

Security researchers, already on alert as a result of the two previous attacks on jailbroken iPhones, jumped on the worm right away.

"This is one of the first, if not the first, mobile botnets ever," Mikko Hypponen, chief research officer at F-Secure, told MacNewsWorld. "It clearly shows that the more criminal elements are entering the mobile space and targeting mobile phones."

More attacks targeting jailbroken iPhones and iPod touches may surface soon. "The problem of poorly secured jailbroken iPhones is so well-known now that it would be a surprise if we didn't see any more malware targeting the platform," said Graham Cluley, senior technology consultant at Sophos.

While some attacks could be launched with criminal intent -- like the latest worm, dubbed the "Duh" worm by Sophos researcher Paul Ducklin -- others might be created by hobbyist hackers and "script kiddies" -- novices who want to play with code for less nefarious purposes, Cluley told MacNewsWorld.

There's no way to prevent these attacks because Apple (Nasdaq: AAPL) won't work with antivirus vendors, F-Secure's Hypponen said. "We can't build an antivirus product for the iPhone without Apple's help and, so far, Apple hasn't seen security as a problem because there are no Apple viruses," he explained.

"Even this worm is not seen as a problem because it only affects jailbroken iPhones."

More About 'Duh'

The "Duh" worm used a command and control center just like a traditional botnet running on PCs, according to a blog post by Chester Wisniewski, senior security adviser at Sophos.

A botnet is a collection of computers that have been taken over by malicious software and formed into a network to distribute malware or spam. Such botnets are managed by one or more command-and-control servers that lay down rules and send out instructions to the bots.

The "Duh" worm configured two startup scripts -- one to execute it on boot-up and the other to create a connection to a Lithuanian server to upload stolen data and cede control to the bot master. The worm attacked ISPs in the Netherlands, other European countries and Australia. It spread more quickly over a WiFi connection than over a typical 3G connection.

The worm targeted the ING Bank in the Netherlands, Peter James, global spokesperson at Intego, told MacNewsWorld. However, it could have easily spread to other countries, he pointed out.

A 'Duh' Moment

The worm's component that reported back to its command-and-control center was named "Duh," which led Sophos researcher Paul Ducklin to call the worm by that name on his blog.

Unlike Ikee, the worm that made news recently by distributing a prank pop-up screen, the "Duh" worm changes the root password but leaves SSH running, Ducklin said. It changes the password by rewriting its hashed value in "/etc/masterpasswd," not by running the "passwd" command with the new password in plain text, so users won't know what it is.

Using the John the Ripper password cracker from the Openwall Project, Ducklin found out the "Duh" worm changed the iPhone's default password, which is "alpine," to "ohshit."

How could anyone sophisticated enough to hack an iPhone neglect to change the device's default password? "My guess is that users are excited about finally running their jailbroken iPhone and don't perceive that the dangers of leaving the password unchanged are significant," Sophos' Cluley said.

Jailbroken iPhones are now going to pose a serious security threat to the enterprise, Sophos' Wisniewski warned. "It does not appear that iPhones are able to report back any sort of status information, so there is no way to securely use them in an enterprise environment," he said. "If an infected phone is also connected to your MS Exchange, WiFi, or VPN environment, all of your confidential data could be at risk." IT administrators should conduct a physical spot check for jailbroken iPhones, Wisniewski recommended.
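Beyond a physical spot check, the behaviour described above (a handset sweeping neighbouring hosts for SSH and then checking in with a command-and-control server at a fixed interval) leaves a recognisable trace in flow logs from the WiFi or VPN gateway. The Python below is an added example, not code from the article or from any vendor named in it; the log format and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
# Constructed flow-log sample (not from the article): "<epoch> <src> <dst> <dst_port>".
# 10.0.0.7 sweeps five neighbours on port 22, then contacts one outside host every 300 s.
SAMPLE_LOG = """\
1259000000 10.0.0.7 10.0.0.20 22
1259000001 10.0.0.7 10.0.0.21 22
1259000002 10.0.0.7 10.0.0.22 22
1259000003 10.0.0.7 10.0.0.23 22
1259000004 10.0.0.7 10.0.0.24 22
1259000010 10.0.0.7 203.0.113.9 80
1259000310 10.0.0.7 203.0.113.9 80
1259000610 10.0.0.7 203.0.113.9 80
1259000020 10.0.0.8 10.0.0.20 22
"""
LINE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\d+)$")
def parse(log):  # (timestamp, src, dst, port) tuples; malformed lines are skipped
    rows = [LINE.match(l.strip()) for l in log.splitlines()]
    return [(int(m[1]), m[2], m[3], int(m[4])) for m in rows if m]
def ssh_sweeps(flows, window=60, min_targets=5):
    """Sources that reach >= min_targets distinct hosts on port 22 within `window` seconds."""
    by_src = defaultdict(list)
    for ts, src, dst, port in flows:
        if port == 22:
            by_src[src].append((ts, dst))
    hits = {}
    for src, events in by_src.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            targets = {d for t, d in events[i:] if t - t0 <= window}
            if len(targets) >= min_targets:
                hits[src] = len(targets)
                break
    return hits
def beacons(flows, min_hits=3, jitter=0.1):
    """(src, dst, port) triples contacted at a near-constant interval: likely C&C check-ins."""
    by_key = defaultdict(list)
    for ts, src, dst, port in flows:
        by_key[(src, dst, port)].append(ts)
    found = {}
    for key, times in by_key.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = sum(gaps) / len(gaps)
        if mean > 0 and all(abs(g - mean) <= jitter * mean for g in gaps):
            found[key] = mean
    return found
```

Run against the sample, `ssh_sweeps` names 10.0.0.7 as a five-target SSH sweeper and `beacons` reports its 300-second check-in to 203.0.113.9; tune `window`, `min_targets` and `jitter` to the gateway's real traffic before alerting on them.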

Security and the iPhone

The "Duh" worm is the most sophisticated iPhone malware to surface so far, Mac antivirus vendor Intego said. It is capable of downloading data, including executables and new files, that it uses to run and carry out its actions.

"The nasty thing about iPhone attacks is that there's nothing you can do," F-Secure's Hypponen pointed out. "There's no antivirus product available for the iPhone because Apple won't let antivirus vendors create one."

Apple spokesperson Natalie Harrison declined comment on this issue. Cupertino has little sympathy for jailbroken iPhone owners. "The worm affects only a very specific set of iPhone users who have jailbroken their iPhones and hacked them with unauthorized software," Harrison told MacNewsWorld.

"As we've said before, the vast majority of customers do not jailbreak their iPhones, and for good reason," she added. "These hacks not only violate the warranty, they will also cause the iPhone to become unstable and not work reliably."


By Richard Adhikari