Security experts have renewed warnings against unlocking the iPhone
Malicious worm targets jail-broken iPhones
/v3-uk/news/1975787/malicious-worm-targets-jail-broken-iphones
23 Nov 2009, Phil Muncaster , V3
Users of jail-broken iPhones are being warned of yet another piece of malware after the discovery over the weekend of a worm with the ability to steal online banking credentials.
The new 'Duh' malware is likely to be based on the original Ikee worm which was spread a couple of weeks ago by a young hacker in Australia. Both target jail-broken iPhones with OpenSSH installed and the default password intact.
However, security experts have warned that its characteristics are much more malicious, and that hackers are likely to continue to propagate such malware if they can make money from it.
"It is much more serious than Ikee because it is not limited to infecting iPhone users in Australia, and communicates with an internet 'control and command' centre, downloading new instructions and effectively turning your iPhone into part of a botnet," said Sophos senior technology consultant Graham Cluley.
"Furthermore, it appears to be designed to steal information from users of online banking services."
Cluley's colleague at Sophos, Chester Wisniewski, added that the worm appears to be attacking IP ranges from a larger range of internet service providers. He recommended users to restore their phones to the Apple-supplied firmware, or think about choosing a different phone.
"If you want freedom of application choice, perhaps you should consider an Android-based phone rather than hacking your device into a potentially insecure state," he said in a blog post.
"This further demonstrates that iPhones are not ready for the business environment. Apple has made a great effort at preventing people from cracking into their software and unlocking/jail-breaking their devices, but where there is a will, there will always be a way."
© Incisive Media Investments Limited 2010, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093
Do you agree?
More of the Personal touch
Touch Phones, impersonal banking. Why not go back to the good old honest fashion of actually going to your bank and dealing direct with a person. The safest way to bank is to go to a local branch and do your transactions there. If you do it over the net, you will be caught out. The reason Identity theft is such a huge market is because it is far too easy for computer data to be stolen. I may work with computers, and I may have loads of gadgets, but banking is done in a bank, its safer.
Posted by Paul Wilson, 23 Nov 2009
"This further demonstrates that iPhones are not ready for the business environment.".
what a stupid comment!! anything that is digital can be hacked, computers, xbox 360's, dvd players, and phones, any phone! look what happened on the so called business safe blackberry a few months back, the chinese were able to install spyware through an over the air update! its the current world we live in get over it.
Posted by Adam Oram, 23 Nov 2009
Simple Fix
You set yourself up for disaster by not changing default passwords. To the few that never have, its a quick fix. Unless you're already infected, of course.
Posted by reer, 24 Nov 2009