
First dangerous iPhone virus discovered

By Kirsten Doyle, ITWeb contributor.
Johannesburg, 24 Nov 2009

A malicious iPhone virus has been discovered in Europe which enables hackers to hijack jailbroken iPhones and steal passwords, account details and other personal information. Once infected, all data that passes through the phone is compromised.

The worm, called 'Duh' or 'Ikee.B' by security researchers, was reported spreading in the wild in The Netherlands. It hunts for vulnerable iPhones on a wider IP range than Ikee, which was only ever reported in Australia. Duh includes IP ranges in several countries, including The Netherlands, Portugal, Australia, Austria, and Hungary.

Data protection firm Sophos is warning users that the virus is serious, as it turns infected iPhones into zombies, joining them to a botnet.

Brett Myroff, CEO of regional Sophos distributor Sophos SA, says: “This means that once a user's iPhone has been turned into a zombie, cyber criminals can use it to download and perform any commands they might want in the future.”

Bad to worse

“Two weeks ago, the first-ever iPhone virus appeared, changing the wallpaper on infected phones to an image of 1980s pop star, Rick Astley,” says Myroff. “However, aside from gobbling up bandwidth and Rickrolling iPhones, it had no additional criminal intentions.”

Denis Maslennikov, mobile research group manager at Kaspersky Lab, says the new iPhone worm attempts to steal personal banking information and can also act as a bot. “This worm attempts to connect with a control centre located in Lithuania, which then issues a series of malicious commands to the handsets.”

According to Maslennikov, only jailbroken iPhones and iPod Touches are vulnerable to this worm. “If you have a jailbroken iPhone or iPod Touch you should change the default SSH password in order to protect your smartphone from infection,” he says.

Password control

Although Kaspersky is not sure of the worms' origins, it believes the first, relatively harmless iPhone worm and this one were created by different individuals in different countries.

“The first was a proof-of-concept worm but unfortunately in the wild, the second one is more harmful because it attempts to compromise iPhone users' personal information, and clearly has a financial motivation behind it,” says Maslennikov.

Myroff agrees. “This latest iPhone malware is doubly criminal. Not only does it break into your iPhone without permission, but it also cedes control of your phone to a botnet command server.”

He adds that Duh changes the user's password on the iPhone, so the cyber criminals have access and the infected user does not, which lets the criminals log back into the iPhone later. It is also dangerous because locked-out users cannot log in to remove the virus.

However, SophosLabs researchers managed to recover the password, revealing that infected users can log in as root with the password “ohshit”.

Myroff says Apple's default root password on the iPhone - 'alpine' - breaks two fundamental rules, as it's both a dictionary word and well-known. This doesn't matter for most iPhone users, as they haven't jailbroken their iPhones and installed SSH to allow remote access.

Maslennikov says Kaspersky Lab recommends that users change the default SSH password in order to protect their phones from infection.
