Security and utility software firm Intego says it has uncovered the first malicious software to attack jailbroken iPhones, and it uses the same SSH vulnerability that powers the rickrolling worm that emerged in Australia earlier this week. However, this new malware, which Intego has dubbed “iPhone/Privacy.A,” enables attackers to grab email, contacts, photos, and any other data stored on a compromised device.
According to Intego, the new iPhone malware exploits the same vulnerability the rickrolling worm used: users who have installed SSH on their jailbroken iPhone but who have not reset the default root password are vulnerable. iPhone owners who have not jailbroken their devices are not vulnerable; similarly, users who have installed SSH on their jailbroken devices and changed the default root password are not vulnerable.
The source of the malware is a tool that can run on Windows, Mac OS X, Linux, or iPhones; once installed, it scans the network available to the machine for exploitable iPhones, then breaks in and steals their data. Unlike the rickrolling worm, the new malware gives no indication that anything is wrong with the iPhone, and in fact no software is installed on the compromised iPhones.
Intego has updated its own VirusBarrier X5 protection suite to detect and eradicate the cracking tool on Macs.
Intego has, in the past, been guilty of a fair bit of fear-mongering and exaggeration of security threats on the Macintosh. In part, that may be due to the general lack of malware on the Mac platform, so—as a developer of Mac security products—the company may seize on any relevant development with unwarranted zeal. However, as the Macintosh and the iPhone platforms become more ubiquitous, security issues and malware will become more of a reality, and Intego is clear in its announcement that iPhone users who have not jailbroken their devices are at no risk.