10 Jan 2008
A precocious pre-teen has prompted security warnings after creating a piece of malware for Apple's iPhone.
The 11 year-old hacker created a malicious file for the iPhone that masquerades as a legitimate piece of third-party software.
The file presents itself as 'firmware 1.1.3 prep', a utility said to prepare the handset for an upcoming software update.
Malicious activity does not occur when the software is installed; the damage is done when the user attempts to remove the malware. On deletion, the 'prep' file also removes a number of other legitimate files from the iPhone.
Security firm F-Secure credits the administrators of iPhone download site Modmyifone with publicising the attack and tracking down the author.
The administrators of Modmyifone claim that they have contacted the author's parents, and that the site hosting the malicious code has been taken down.
Since the first third-party iPhone applications were released last summer, their regulation has rested largely on the shoulders of the user community.
Apple has washed its hands of the unofficial software, saying that, while it would not take special steps to remove any iPhone hacks, it would not support or take responsibility for damage caused by third-party software.
Although this latest attack has been taken down, security firms are warning iPhone users to be very careful when installing third-party software on the mobile device.
McAfee recommends that iPhone users install only official firmware updates, and the US Computer Emergency Response Team advises users to download files only from trusted websites.
"Hopefully this serves as a warning for those who have opened their iPhones using a security hole in the system and installed unverified software without a second thought," wrote F-Secure chief research officer Mikko Hyppönen.
"This time it was an 11 year-old playing with XML files who created the Trojan. Next time it might be someone with more skills and specific targets."
Bright kid.
Perhaps a 'paddling' from father and a scholarship at a decent University (college results permitting) from Apple might be in order. Criminalising him could lead to real problems later.
Posted by: John Youngs 10 Jan 2008
It really is child's play, Apple need to bump up security!
If this "trojan" was written as an XML file as the article mentions, then writing it is an incredibly trivial task and something in the reach of anyone who can use a PC and has basic word processing skills to write the text/XML file. What is worrying is the security of the iPhone against this sort of attack; if an XML file can run with no additional security surrounding the file (such as an author's signature) then we can probably expect similar things in the future. More alarming is the unpatched buffer overflow exploit(s?) which have the potential to allow an attacker complete access to your phone.
Posted by: Mike 10 Jan 2008