Jailbroken iPhones Vulnerable to Attack

2009-11-11

The Register's John Leyden reports that a new attack called 'iPhone-Privacy-A' is the latest hacking threat to exploit the same vulnerability in the iPhone as last weekend's Rickrolling worm 'ikee', allowing hackers to connect to any jailbroken phone.

iPhone users basically hack their own phones, or 'jailbreak' to allow the installation of software that cannot be downloaded through Apple's App Store. Its estimated that six to eight percent of iPhones are jailbroken. Leyden writes that the jailbreaking process often involves installing an SSH remote access service on iPhones. During which, users often do not change their default root password which becomes a security shortcoming that can be exploited by both the ikee worm and the Privacy-A hacking tool.

Intego, Mac-specialist security firm, warns of the Privacy-A attack "When connecting to a jailbroken iPhone, this tool allows a hacker to silently copy a treasure trove of user data from a compromised iPhone: email, contacts, SMSs, calendars, photos, music files, videos, as well as any other data recorded by any iPhone app. Unlike the ikee worm, which signals its presence by changing the iPhone's wallpaper, this hacker tool gives no indication that it has invaded an iPhone."

Read the full article here.