The iPhone virus now has a payload

iTWire has published a number of stories on the recent iPhone / iPod Touch virus Ikee and it was alluded in these that the naughty boys would pick up on the basic code and make it do something useful.

Guess what, they have already!

Reports are flooding in from a variety of virus research organisations that a new virus, called iPhone/Privacy.A is definitely stealing user data. Peter James, of Intego, writing on his blog observes that, “When connecting to a jailbroken iPhone, this tool allows a hacker to silently copy a treasure trove of user data from a compromised iPhone: e-mail, contacts, SMSs, calendars, photos, music files, videos, as well as any data recorded by any iPhone app. Unlike the ikee worm, which signals its presence by changing the iPhone’s wallpaper, this hacker tool gives no indication that it has invaded an iPhone.

“Hackers using this tool will install it on a computer – Mac, PC, Unix or Linux – then let it work. It scans the network accessible to it, and when it finds a jailbroken iPhone, breaks into it, then steals data and records it.”

James also observes that there is no reason why this wouldn’t make a wonderful addition to a display PC in a computer store, after-all, computer store visitors are probably more likely to have jailbroken iPhones in their pocket! Intego estimates that around 6 – 8% of all iPhones have been jailbroken.

David Harley, writing on his ESET blog confirms that the host-side data collection tool, being Python-based, will run on pretty-well any computer from MS-DOS, through Windows, Linux and Mac-OS.

By the way, for the (currently smug) non-jailbroken iPhone owners, noted virus researcher Charlie Miller of Independent Security Evaluators (interviewed by Computerworld earlier this week) observed that “While jailbreaking your iPhone puts you at risk for this particular bug, its not the case that non-jailbroken iPhones are immune to attack. The SMS vulnerability I talked about at Black Hat [last July] also would give root access to an iPhone whether it was jailbroken or not. And I certainly didn’t find the only bug like that.”

Instructions on changing the SSH password are contained in the cooments to the original iTWire article on the subject.

via iTWire – The iPhone virus now has a payload.