Jailbroken iPhones hit by botnet threat

Powered by SC Magazine
 

Ban jailbroken iPhones from the enterprise?

Jailbroken iPhones are threatened by another virus - but this time the malware has the potential to spread much wider, hack into online bank accounts and set up a PC-type botnet.

'Legal' iPhones are not affected.

The virus is designed to scan IP addresses for vulnerable devices on the Optus mobile network in Australia as well as UPC in the Netherlands and T-Mobile, according to the blog of Chester Wisniewski, a senior Security Advisor at Sophos Canada.

In Early November, Wollongong-based Ashley Towns released a RickRolling virus affecting Jailbroken iPhones, which he said was a joke. This latest attack seems to have more sinister intentions.

For a start, the exploit changes the default password of the iPhone, which makes it far more difficult to recover from an infection. In addition, because the handsets are connected to a botnet, the criminal controlling the phones will be able to access any information stored on the phone and continue to expand the botnet by scanning for new targets.

Wisniewski warns enterprise administrators that jailbroken iPhones now pose a threat to all corporate data and should be removed from the network.

"It does not appear that iPhones are able to report back any sort of status information, so there is no way to securely use them in an enterprise environment. If an infected phone is also connected to your MS Exchange, WiFi, or VPN environment, all of your confidential data could be at risk," he said.

Wisniewski also thinks the malware is trying to hack into online banking accounts and recommends anyone with a jailbroken iPhone to restore it to Apple's original factory settings. He suggests using an alternative OS for more app "freedom".

"If you have jailbroken your iPhone, I recommend restoring it to the current Apple-supplied firmware. If you want freedom of application choice, perhaps you should consider an Android-based phone rather than hacking your device into a potentially insecure state," he wrote.


Jailbroken iPhones hit by botnet threat
 
 
 
Top Stories
NewSat defaults on $26m in overdue Lockheed payments
Jabiru-1 satellite build hits further hurdles.
 
IBM denies plans to cut 112k jobs
But admits to further restructuring.
 
ATO investigates 25 tech giants in tax hunt
Prepared to take tax evaders to court.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  36%
 
Your insurance company
  5%
 
A technology company (Google, Facebook et al)
  9%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  4%
 
A Federal Government agency (ATO, Centrelink etc)
  18%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  7%
TOTAL VOTES: 3055

Vote
Do you support the abolition of the Office of the Information Commissioner?

   |   View results
I support shutting down the OAIC.
  27%
 
I DON'T support shutting the OAIC.
  73%
TOTAL VOTES: 971

Vote