Jailbroken iPhones hit by botnet threat

Powered by SC Magazine
 

Ban jailbroken iPhones from the enterprise?

Jailbroken iPhones are threatened by another virus - but this time the malware has the potential to spread much wider, hack into online bank accounts and set up a PC-type botnet.

'Legal' iPhones are not affected.

The virus is designed to scan IP addresses for vulnerable devices on the Optus mobile network in Australia as well as UPC in the Netherlands and T-Mobile, according to the blog of Chester Wisniewski, a senior Security Advisor at Sophos Canada.

In early November, Wollongong-based Ashley Towns released a RickRolling virus affecting jailbroken iPhones, which he said was a joke. This latest attack seems to have more sinister intentions.

For a start, the exploit changes the default password of the iPhone, which makes it far more difficult to recover from an infection. In addition, because the handsets are connected to a botnet, the criminal controlling the phones will be able to access any information stored on the phone and continue to expand the botnet by scanning for new targets.

Wisniewski warns enterprise administrators that jailbroken iPhones now pose a threat to all corporate data and should be removed from the network.

"It does not appear that iPhones are able to report back any sort of status information, so there is no way to securely use them in an enterprise environment. If an infected phone is also connected to your MS Exchange, WiFi, or VPN environment, all of your confidential data could be at risk," he said.

Wisniewski also thinks the malware is trying to hack into online banking accounts and recommends that anyone with a jailbroken iPhone restore it to Apple's original factory settings. He suggests using an alternative OS for more app "freedom".

"If you have jailbroken your iPhone, I recommend restoring it to the current Apple-supplied firmware. If you want freedom of application choice, perhaps you should consider an Android-based phone rather than hacking your device into a potentially insecure state," he wrote.

