Apple fans are often smug about their immunity to virus attacks on their Macs and iPhones. Well, these devices are hardly safe from viruses, worms, or other attacks, but it's true that they're more secure than Windows PCs. A recent report from antivirus vendor Intego shows how few attacks made their way into the iPhone and Mac worlds last year.
Except for jailbroken iPhones and iPod Touches -- the mobile devices, ironically, aimed at more sophisticated users who are typically better at erecting security safeguards than the rank-and-file consumer. It turns out, jailbreaking an iPhone -- so you can use a different carrier and run apps that Apple has not approved in its App Store -- disables about 80 percent of the Phone's built-in security features, as hacker Charlie Miller reported at the SyScan security conference. Yikes!
[ See where the Mac's vulnerabilities could get you in trouble, in InfoWorld's special report. | Learn all about jailbreaking your iPhone --- if you dare. ]
And hackers are taking full advantage, Intego reports. A jailbroken iPhone is usually made accessible through an SSH (secure shell) Unix command, which can be invoked over the air, not just when the iPhone is tethered -- part of the jailbreaking process usually involves installing the OpenSSH utility. But few people who jailbreak their iPhones bothered to change the default password, and hackers quickly learned they could scan ports to find OpenSSH and log in to install nefarious software. (For the record, Intego notes that not all networks allow such access; those that use NAT, for example, prevent this kind of phishing.)
One hacker simply SSH'd in, then sent the users a text message saying their iPhone was insecure and offering to fix it for a small fee. (The fix: Changing the password!) But several were more evil in their actions.
The first was the Ikee worm, which installed a Rick Astley wallpaper image, then turned off SSH -- but not before sniffing around for other jailbroken iPhones to infect.
That led to someone creating a similar worm around Thanksgiving that copied out information from infected iPhones -- phone numbers, e-mails, contacts, notes, calendars, photos, music, videos, you name it -- to a server. That server could run on a PC pretty much anywhere, such as a mall or park, silently capturing data from nearby iPhones. And unlike the Ikee worm, it didn't give users a clue like the Rick Astley wallpaper that they had been hacked, so its victims had no idea they were infected or their data was stolen.