Saturday, November 28, 2009

The Speedy Evolution of iPhone Worms

The popularity of iPhone worms targeted at jailbroken iPhones with the original SSH password that I described recently continues to grow. The exploits have also become more threatening, moving from the Rickrolling ikee worm (whose creator was recently hired by an Australian iPhone software development Mogeneration) to the more threatening worms, including one that grabs your private data from the phone.

In chronological order so far worms have been:

  • Held iPhones hostage for 5 euros (November 2nd, ihacked)
  • Rickrolled affected users (November 8th, ikee)
  • Stolen personal data such as contacts, email, SMS messages, photos, music, and other users data (November 10th, iPhone/Privacy.A)
Of note, Sophos provides a very nice writeup and commentary on ikee.

Of course, as theappleblog notes, this threat could be much worse in future generations, as the technique is quickly improved and as more iPhone aware coders take advantage of the platform. Right now, a lot of the techniques used by Windows worms haven't shown up - the self replication capabilities are rudimentary, if there at all, and the concealment methods are largely simply based on file location.

The good news continues to be that the worms only go after phones with the default jailbroken SSH password, and that changing that password on a jailbroken phone will prevent the exploit. The bad news is that malware writers are likely now building toolkits that will easily integrate with the next iPhone exploit - and all that is really needed is an OS level vulnerability that can be remotely exploited to make iPhones a treasure trove of data for successful attackers.

The iPhone will continue to be an attractive target, both because of the desire of the user base to expand the phone's capabilities via jailbreak, and because of the user data and network access that a hacked iPhone can provide. I expect to see more concerted attacks on the iPhone's OS and applications over time, meaning that security and IT staff can expect to have new threats appearing on their networks - pocketable devices scanning for other devices and infecting each other may very well be our next big user initiated threat vector.

No comments: