A second iPhone virus has now emerged which enables its controller to connect to any jailbroken phone and steal confidential data including SMS messages, internet bookmarks and contact lists.
The bug comes just days after a young Australian created a virus designed to infect jailbroken phones; he now says he regrets the decision to spread the virus after receiving death threats and non-stop phone calls.
The new virus, which uses the same vulnerability identified by 21-year-old Ashley Towns’ “Ikee” bug, has been labelled the “iPhone/Privacy A” virus by security firm Intego, which was the first firm to discover the virus.
The company wrote on its official blog that the virus takes advantage of any jailbroken iPhone, or iPod Touch, on which the “root password” has not been changed.
A jailbroken phone is an iPhone on which a piece of software has been installed that lets users crack open the gadget’s internal file system, which allows the installation of unapproved applications. While non-jailbroken phones are not at risk, Intego estimates up to 8% of all iPhones are jailbroken.
“When connecting to a jailbroken iPhone, this tool allows a hacker to silently copy a treasure trove of user data from a compromised iPhone: email, contacts, SMSs, calendars, photos, music files, videos, as well as any data recorded by any iPhone app.”
But the firm warns that unlike Towns’ virus, which was designed specifically to inform users they had been infected, the Privacy A bug is designed to act silently.
“This hacker tool could easily be installed, for example, on a computer on display in a retail store, which could then scan all iPhones that pass within the reach of its network. Or, a hacker could sit in an Internet café and let his computer scan all iPhones that come within the range of the WiFi network in search of data. Hackers could even install this tool on their own iPhones, and use it to scan for jailbroken phones as they go about their daily business.”
The company warned users on its blog to be aware of the vulnerabilities of jailbreaking their phones, saying it could lead to security disasters.
“We would like to stress that users who jailbreak their iPhones are exposing themselves to known vulnerabilities that are being exploited by code that is circulating in the wild. While the number of iPhones attacked may be minimal, the amount of personal data that can be compromised strongly suggests that iPhone users should stick with their stock configuration and not jailbreak their devices.”
Meanwhile, Ashley Towns has told ITNews.com.au the decision to release his first bug, which displays a picture of 1980s pop star Rick Astley on the user’s home screen, has brought him unwanted attention.
“In reality it was a pretty stupid thing to do,” Towns said. “It’s crazy. It definitely changed the way I look at all the posts about people and stuff.”
Towns also said he regrets leaving comments inside the bug’s source code that taunted iPhone users about leaving their gadgets unprotected by pass codes.
“People are stupid, and this is to prove it so RTFM [Read The F***ing Manual]. It’s not that hard [sic] guys. But hey who cares, it’s only your bank details at stake,” a note inside the code said.
“I meant it in a sarcastic kind of way,” Towns said. “It’s one of those things I just typed without really thinking.”
The virus has been the subject of international attention. Sophos senior technology consultant Graham Cluley said in a statement the virus will enable others to design similar attacks of their own.
“But what’s worst of all is that the code for the worm is now available for anyone to download. The genie is let out of the bottle – and anyone could write a more dangerous version of the worm which could have a much more dangerous payload. My prediction is that we may see more attacks like this in the future,” he said.