Intego, Mac security specialists, have discovered a new piece of malware which takes advantage of the same vulnerability as the recent ikee worm.Both exploits target jailbroken Apple iPhones or iPod touch. For those not in the know, jailbroken mobile phones are ones which have been hacked by the owner to allow installation of unauthorized software. The vulnerability makes it possible for a hacker to connect to any jailbroken iPhone/iPos touch where the owner has not changed the root password. Intego stresses that the new tool only targets jailbroken devices, and no-jailbroken phones are secure from it.
iPhone/Privacy.A lets a hacker access and copy any user data from the jailbroken device, including e-mails, contact, calendars, photos, SMSs, videos, in fact any data recorded by apps. The tool is installed on the hacker’s computer, then used to scan for iPhones in the vicinity of the network. Any susceptible device it finds is automatically hacked into and the data stolen. For example, someone could sit in a WiFI enabled coffee shop, letting their notebook scan for iPhones that come into the range of the wifi network, looking for data. The tool can even be installed on iPhones, and used for scanning jailbroken phones anywhere. What makes this even more dangerous is that unlike the ikee worm, the user has no idea that his iPhone has been affected.
Will someone from the jailbroken app community step up and write a program that protects against this tool? Maybe an unauthorized app already exists that can be installed; any one out there know of one?