Jailbroken iPhones hit by botnet threat

Powered by SC Magazine
 

Ban jailbroken iPhones from the enterprise?

Jailbroken iPhones are threatened by another virus - but this time the malware has the potential to spread much wider, hack into online bank accounts and set up a PC-type botnet.

'Legal' iPhones are not affected.

The virus is designed to scan IP addresses for vulnerable devices on the Optus mobile network in Australia as well as UPC in the Netherlands and T-Mobile, according to the blog of Chester Wisniewski, a senior Security Advisor at Sophos Canada.

In Early November, Wollongong-based Ashley Towns released a RickRolling virus affecting Jailbroken iPhones, which he said was a joke. This latest attack seems to have more sinister intentions.

For a start, the exploit changes the default password of the iPhone, which makes it far more difficult to recover from an infection. In addition, because the handsets are connected to a botnet, the criminal controlling the phones will be able to access any information stored on the phone and continue to expand the botnet by scanning for new targets.

Wisniewski warns enterprise administrators that jailbroken iPhones now pose a threat to all corporate data and should be removed from the network.

"It does not appear that iPhones are able to report back any sort of status information, so there is no way to securely use them in an enterprise environment. If an infected phone is also connected to your MS Exchange, WiFi, or VPN environment, all of your confidential data could be at risk," he said.

Wisniewski also thinks the malware is trying to hack into online banking accounts and recommends anyone with a jailbroken iPhone to restore it to Apple's original factory settings. He suggests using an alternative OS for more app "freedom".

"If you have jailbroken your iPhone, I recommend restoring it to the current Apple-supplied firmware. If you want freedom of application choice, perhaps you should consider an Android-based phone rather than hacking your device into a potentially insecure state," he wrote.


Jailbroken iPhones hit by botnet threat
 
 
 
Top Stories
Meet FABACUS, Westpac's first computer
GE225 operators celebrate gold anniversary.
 
NSW Govt gets ready to throw out the floppy disks
[Opinion] Dominic Perrottet says its time for government to catch up.
 
iiNet facing new copyright battle with Hollywood
Fighting to protect customer details.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  26%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  22%
 
End user computing (desktops, mobiles, apps)
  15%
 
Software development
  26%
TOTAL VOTES: 333

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  57%
 
No
  43%
TOTAL VOTES: 138

Vote