Jailbroken iPhones hit by botnet threat

Powered by SC Magazine

Ban jailbroken iPhones from the enterprise?

Jailbroken iPhones are threatened by another virus - but this time the malware has the potential to spread much wider, hack into online bank accounts and set up a PC-type botnet.

'Legal' iPhones are not affected.

The virus is designed to scan IP addresses for vulnerable devices on the Optus mobile network in Australia as well as UPC in the Netherlands and T-Mobile, according to the blog of Chester Wisniewski, a senior Security Advisor at Sophos Canada.

In Early November, Wollongong-based Ashley Towns released a RickRolling virus affecting Jailbroken iPhones, which he said was a joke. This latest attack seems to have more sinister intentions.

For a start, the exploit changes the default password of the iPhone, which makes it far more difficult to recover from an infection. In addition, because the handsets are connected to a botnet, the criminal controlling the phones will be able to access any information stored on the phone and continue to expand the botnet by scanning for new targets.

Wisniewski warns enterprise administrators that jailbroken iPhones now pose a threat to all corporate data and should be removed from the network.

"It does not appear that iPhones are able to report back any sort of status information, so there is no way to securely use them in an enterprise environment. If an infected phone is also connected to your MS Exchange, WiFi, or VPN environment, all of your confidential data could be at risk," he said.

Wisniewski also thinks the malware is trying to hack into online banking accounts and recommends anyone with a jailbroken iPhone to restore it to Apple's original factory settings. He suggests using an alternative OS for more app "freedom".

"If you have jailbroken your iPhone, I recommend restoring it to the current Apple-supplied firmware. If you want freedom of application choice, perhaps you should consider an Android-based phone rather than hacking your device into a potentially insecure state," he wrote.

Jailbroken iPhones hit by botnet threat
Top Stories
ATO shaves $4m off IT contractor panel
Reform cuts admin burden, introduces KPIs.
Turnbull introduces data retention legislation
Still no definition of metadata to be stored.
Crime Commission prepares core systems overhaul
Will replace 30 year-old national criminal database.
Sign up to receive iTnews email bulletins
Latest Comments
In which area is your IT shop hiring the most staff?

   |   View results
IT security and risk
Sourcing and strategy
IT infrastructure (servers, storage, networking)
End user computing (desktops, mobiles, apps)
Software development

Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results