iPhone Malware Steals Your Data For Reals, Foregoes Rickrolling

Mac security firm Intego is now reporting its discovery of a piece of malware which affects many jailbroken iPhone. The malware appears to use the same vulnerability as the “ikee” exploit which we reported on earlier this week. This more nefarious software can be installed on any device and used to collect user data from any jailbroken iPhone or iPod touch which uses the default root password.

Unlike traditional computer viruses, this one, which Intego calls “iPhone/Privacy.A,” instead simply runs on a Mac, PC, or even another iPhone and monitors for jailbroken devices. Once the software finds a vulnerable device, the hacker can then access and copy any information.

When connecting to a jailbroken iPhone, this tool allows a hacker to silently copy a treasure trove of user data from a compromised iPhone: e-mail, contacts, SMSs, calendars, photos, music files, videos, as well as any data recorded by any iPhone app. Unlike the ikee worm, which signals its presence by changing the iPhone’s wallpaper, this hacker tool gives no indication that it has invaded an iPhone.

Intego recommends against jailbreaking as non-jailbroken iPhones and iPod touches are not at risk. We recommend that if you do choose to jailbrek your device, you should disable SSH and change your device’s root password. 

[via Mac OS Ken]

View the comments on the forum…