Just two weeks after Apple iPhone users in Australia reported jailbroken iPhones came under siege by attackers, a new version of the iPhone worm is posing a threat. Symantec reports the new worm targets jailbroken iPhones running SSH that are still using the default password. The worm can reportedly steal data stored on the iPhone as well as connect back to the attacker, giving them control of the phone.
"Unlike the first iPhone worm, this one appears to cover a much broader range of IP addresses, including UPC in the Netherlands, Optus in Australia, possibly a Hungarian and a Portuguese provider, T-Mobile and potentially many others," said Symantec's John McDonald. "And although this particular incarnation seems to be very similar in functionality to the hack tool we blogged about, this one supposedly runs and spreads directly from an infected iPhone, not from a computer."
This latest attack appears to be designed to create a botnet of iPhones -- an army of hijacked iPhones under the control of remote hackers, according to Graham Cluley, a senior security consultant at Sophos.
"The hackers can then order the iPhones to do whatever they wish," he explained. "For instance, they could be instructed to send spam, spread more malware, or steal information. In this case the worm appears to be specifically trying to steal information from users of a Dutch bank."
The earlier Ikee worm wasn't written with an obvious financial motivation and appears to have been designed to spread a picture of Rick Astley, Cluley said. However, he added, there is no doubt that the author of Ikee helped the creators of this worm by releasing his source code, giving them a template upon which to create their own more malicious attack.
More Worms Expected
After the release of the first iPhone 3G worm two weeks ago, Sophos took the occasion to conduct a survey. The results: Most people believe there will be more iPhone malware.
Specifically, 71 percent believe the iPhone will be exposed to more virus attacks in the future. Twenty-five percent believe only jailbroken iPhones will be at risk and that users who don't tinker with their iPhone will be immune. A mere four percent don't believe attackers will craft more iPhone-targeted worms.
"If you have a jailbroken iPhone, you would be crazy not to ensure that you have also changed the default root password. Leaving it in its default state is playing Russian Roulette with your data," Cluley said. "There will undoubtedly be more attacks attempting to take advantage of hackers gambling with the security of their jailbroken iPhone."
After all the fuss caused by the previous incidents, McDonald said, it's hard to believe anyone would have left their jailbroken iPhone in a vulnerable state.
However, users who think their iPhone or iPod touch may have been compromised, or who know they have a jailbroken device and are concerned about worms, he said, should back up their data, then restore the device to its factory settings and, where applicable, apply the latest firmware update from Apple.
Image credit: Product shots by Apple.